do not need to set recursive=True when restoring the selinux mode of the / directory #5807

Open
xiaoge1001 opened this issue Oct 10, 2024 · 3 comments · May be fixed by #5816
Labels
bug Something isn't working correctly

Comments

@xiaoge1001
Contributor

Bug report

Do not need to set recursive=True when restoring the selinux mode of the / directory. This may modify the SELinux security context of some files that are not displayed in the result of "semanage fcontext -l". This may affect other applications.

Steps to reproduce the problem

The mount point is set to /mnt1 and the /mnt1 directory does not exist.

from cloudinit import util
# the /mnt1 directory does not exist
util.ensure_dir("/mnt1")

Environment details

  • Cloud-init version: cloud-init-23.4.1-3.oe2403
  • Operating System Distribution: openEuler-24.03-LTS
  • Cloud provider, platform or installer type: nocloud

cloud-init logs

2024-10-08 07:31:41,157 - cc_mounts.py[DEBUG]: mounts configuration is [['my_alias.1', '/mnt1'], ['my_alias.2', '/mnt2']]
... ...
... ...
2024-10-08 07:31:41,161 - util.py[DEBUG]: Restoring selinux mode for / (recursive=True)
... ...
... ...
xiaoge1001 added the bug and new labels on Oct 10, 2024
@xiaoge1001
Contributor Author

In commit ba5fb03, recursive=True is set when SeLinuxGuard is invoked in the ensure_dir method. Why do we set recursive=True?

@TheRealFalcon
Member

@xiaoge1001, thanks for the bug.

> Why do we set recursive=True?

That code is old enough that I don't think any of the current developers have an answer. We're open to PRs to improve the functionality.

TheRealFalcon removed the new label on Oct 10, 2024
@xiaoge1001
Contributor Author

> @xiaoge1001, thanks for the bug.
>
> > Why do we set recursive=True?
>
> That code is old enough that I don't think any of the current developers have an answer. We're open to PRs to improve the functionality.

Can we remove recursive=True from the ensure_dir function? I don't think it's necessary to set recursive=True.
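
Added example, not part of the issue thread and not cloud-init's own code: a sketch that compares the directories a new mount point actually creates with everything a recursive relabel rooted at its parent would visit. It assumes the relabel root is the parent directory of the target (the log above shows / for /mnt1); the function names and the sample directory tree are hypothetical and constructed for illustration.

```python
import os
import tempfile


def missing_components(path):
    """Directories os.makedirs(path) would create, outermost first."""
    path = os.path.abspath(path)
    missing = []
    while not os.path.lexists(path):
        missing.append(path)
        path = os.path.dirname(path)
    return missing[::-1]


def recursive_scope(path):
    """Paths a recursive relabel rooted at dirname(path) would visit.

    Assumption: the relabel starts at the parent of the target directory.
    """
    root = os.path.dirname(os.path.abspath(path))
    visited = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        visited.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    return visited


def build_demo_tree(base):
    """Constructed sample tree: unrelated content beside a missing mount point."""
    for rel in ("opt/app/data.db", "srv/www/index.html"):
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    return os.path.join(base, "mnt1")  # does not exist yet


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        target = build_demo_tree(base)
        created = missing_components(target)
        touched = recursive_scope(target)
        print("created by makedirs:", created)
        print("visited by recursive relabel:", len(touched), "paths")
        for p in touched:
            if p not in created:
                print("  outside the new directory:", p)
```

Running `recursive_scope()` against a real target such as /mnt1 walks the whole root filesystem, which is the scope the report is concerned about; `missing_components()` is the much smaller set that was newly created.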

xiaoge1001 linked a pull request on Oct 11, 2024 that will close this issue