Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update RPM postinstall.sh script to use restorecon in place of chcon #532

Closed
atc0005 opened this issue Mar 1, 2023 · 1 comment · Fixed by #606
Closed

Update RPM postinstall.sh script to use restorecon in place of chcon #532

atc0005 opened this issue Mar 1, 2023 · 1 comment · Fixed by #606
Assignees
@atc0005
Labels
enhancement New feature or request packages Related to generated packages for this project (e.g., RPM, DEB)
Milestone
v0.15.2

Comments

@atc0005
Copy link
Owner

atc0005 commented Mar 1, 2023
edited
Loading

Overview

Add support for setting valid SELinux label/contexts/policy for plugins provided by this project (just one as of this writing). There is a rudimentary support already in place for setting a context via chcon, but as discussed elsewhere those values will be lost if the filesystem is relabeled.

This GH issue is intended to track valid or "proper" SELinux values, whether that's via a policy or some other well established pattern.

I should review monitoring plugin packages available via EPEL and similar projects to see how they're handling this.

References

Prior/Related work:

Additional reading:
@atc0005 atc0005 added enhancement New feature or request help wanted Extra attention is needed packages Related to generated packages for this project (e.g., RPM, DEB) labels Mar 1, 2023
@atc0005 atc0005 added this to the Future milestone Mar 1, 2023
@atc0005 atc0005 self-assigned this Mar 1, 2023
@atc0005 atc0005 changed the title Implement proper support for setting SELinux values for install plugins Implement proper support for setting SELinux values for installed plugins Mar 1, 2023
@atc0005 atc0005 removed the help wanted Extra attention is needed label Mar 1, 2023
@atc0005 atc0005 removed their assignment Mar 1, 2023
This was referenced Mar 1, 2023
Open
Closed
@atc0005 atc0005 modified the milestones: Future, Next Release Jun 28, 2023
@atc0005 atc0005 changed the title Implement proper support for setting SELinux values for installed plugins Update RPM postinstall.sh script to use restorecon in place of chcon Jun 28, 2023
@atc0005 atc0005 self-assigned this Jun 28, 2023
@atc0005
Copy link
Owner Author

atc0005 commented Jun 28, 2023

Modified example from https://github.com/stdevel/check_repodata:

$ sudo mv check_repodata.py /usr/lib64/nagios/plugins/check_repodata
$ sudo restorecon -v /usr/lib64/nagios/plugins/check_repodata
restorecon reset /usr/lib64/nagios/plugins/check_repodata context unconfined_u:object_r:lib_t:s0->unconfined_u:object_r:nagios_unconfined_plugin_exec_t:s0

atc0005 added a commit that referenced this issue Jun 28, 2023
@atc0005
Update RPM postinstall scripts to use restorecon
caecb73 
Replace calls to `chcon` and explicit context details with
`restorecon` to allow inheriting previously configured
SELinux settings.

refs GH-532
@atc0005 atc0005 mentioned this issue Jun 28, 2023
Merged
atc0005 added a commit that referenced this issue Jun 28, 2023
@atc0005
Update RPM postinstall scripts to use restorecon
d9d06e5 
Replace calls to `chcon` and explicit context details with
`restorecon` to allow inheriting previously configured
SELinux settings.

refs GH-532
@atc0005 atc0005 mentioned this issue Jun 28, 2023
Closed
25 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@atc0005 atc0005

Labels
enhancement New feature or request packages Related to generated packages for this project (e.g., RPM, DEB)
Projects
None yet
Milestone
v0.15.2
Development

Successfully merging a pull request may close this issue.

Update RPM postinstall scripts to use restorecon atc0005/check-cert
1 participant
@atc0005