iscsi-initiator-utils: fix label for initiatorname.iscsifido

This config file was created by postinstall or initscript, the correct label should be "etc_t", run restorecon /etc/iscsi/initiatorname.iscsi to fix it and remove below avc denied issues: avc: denied { read } for pid=6094 comm="iscsid" \ name="initiatorname.iscsi" dev="sda3" ino=1057846 \ scontext=system_u:system_r:iscsid_t:s0-s15:c0.c1023 \ tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
author: Wenzong Fan <wenzong.fan@windriver.com> 2015-03-05 15:50:19 +0800
committer: Joe MacDonald <joe_macdonald@mentor.com> 2015-04-16 13:50:23 -0400
commit: 428a255644d0e385c9512bdd1919c452b4d00e01 (patch)
tree: 621252d47ff9100ecd9f77e2316499e90e96196e
parent: b2c18b5a8178931b461f58a1dcd27ad3ec6aaebb (diff)
download: meta-selinux-fido.tar.gz
2 files changed, 124 insertions, 0 deletions
diff --git a/networking-layer/recipes-daemons/iscsi-initiator-utils/files/initd.debian b/networking-layer/recipes-daemons/iscsi-initiator-utils/files/initd.debian
new file mode 100644
index 0000000..43fb348
--- /dev/null
+++ b/networking-layer/recipes-daemons/iscsi-initiator-utils/files/initd.debian
@@ -0,0 +1,123 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:
+# Required-Start:
+# Required-Stop:
+# Default-Start:
+# Default-Stop:
+# Short-Description: Starts and stops the iSCSI initiator services and logins to default targets
+### END INIT INFO
+#set -x
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/iscsid
+ADM=/usr/sbin/iscsiadm
+PIDFILE=/var/run/iscsid.pid
+[ -x "$DAEMON" ] || exit 0
+if [ ! -d /sys/class/ ]; then
+  echo "Failure:" "iSCSI requires a mounted sysfs, not started."
+  exit 1
+fi
+nodestartup_re='s/^node\.conn\[0]\.startup[     ]*=[    ]*//p'
+RETVAL=0
+start() {
+        echo "Starting iSCSI initiator service" "iscsid"
+        modprobe -q iscsi_tcp 2>/dev/null || :
+        modprobe -q ib_iser 2>/dev/null || :
+        if [ ! -f /etc/iscsi/initiatorname.iscsi ]; then
+                INITIATORNAME=$(iscsi-iname)
+                cat >/etc/iscsi/initiatorname.iscsi <<EOF
+## DO NOT EDIT OR REMOVE THIS FILE!
+## If you remove this file, the iSCSI daemon will not start.
+## If you change the InitiatorName, existing access control lists
+## may reject this initiator.  The InitiatorName must be unique
+## for each iSCSI initiator.  Do NOT duplicate iSCSI InitiatorNames.
+InitiatorName=$INITIATORNAME
+EOF
+        fi
+        # Fix label for /etc/iscsi/initiatorname.iscsi if SELinux was enabled
+        test ! -x /sbin/restorecon || /sbin/restorecon -F /etc/iscsi/initiatorname.iscsi
+        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON
+        RETVAL=$?
+        starttargets
+}
+starttargets() {
+        echo "Setting up iSCSI targets"
+        $ADM -m node --loginall=automatic
+}
+stoptargets() {
+        echo "Disconnecting iSCSI targets"
+        sync
+        $ADM -m node --logoutall=all
+        RETVAL=$?
+        #if RETVAL is 21, means no active sessions, consider ok
+        if [ "$RETVAL" = "21" ]; then
+                RETVAL=0
+        fi
+}
+stop() {
+        stoptargets
+        if [ $RETVAL -ne 0 ]; then
+                echo "Failure:" "Could not stop all targets, try again later"
+                return $RETVAL
+        fi
+        echo "Stopping iSCSI initiator service"
+        start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
+        rm -f $PIDFILE
+        status=0
+        modprobe -r ib_iser 2>/dev/null
+        if [ "$?" -ne "0" -a "$?" -ne "1" ]; then
+                status=1
+        fi
+        modprobe -r iscsi_tcp 2>/dev/null
+        if [ "$?" -ne "0" -a "$?" -ne "1" ]; then
+                status=1
+        fi
+}
+restart() {
+        stop
+        if [ $RETVAL -ne 0 ]; then
+                echo "Failure:" "Stopping iSCSI initiator service failed, not starting"
+                return $RETVAL
+        fi
+        start
+}
+restarttargets() {
+        stoptargets
+        if [ $RETVAL -ne 0 ]; then
+                echo "Failure:" "Could not stop all targets, try again later"
+                return $RETVAL
+        fi
+        starttargets
+}
+status() {
+        #XXX FIXME: what to do here?
+        #status iscsid
+        # list active sessions
+        echo Current active iSCSI sessions:
+        $ADM -m session
+}
+case "$1" in
+        start|starttargets|stop|stoptargets|restart|restarttargets|status)
+                $1
+                ;;
+        *)
+                echo "Usage: $0 {start|stop|restart|status}"
+                exit 1
+                ;;
+esac
+exit $RETVAL
diff --git a/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend
new file mode 100644
index 0000000..81fe7b7
--- /dev/null
+++ b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend
@@ -0,0 +1 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
author	Wenzong Fan <wenzong.fan@windriver.com>	2015-03-05 15:50:19 +0800
committer	Joe MacDonald <joe_macdonald@mentor.com>	2015-04-16 13:50:23 -0400
commit	428a255644d0e385c9512bdd1919c452b4d00e01 (patch)
tree	621252d47ff9100ecd9f77e2316499e90e96196e
parent	b2c18b5a8178931b461f58a1dcd27ad3ec6aaebb (diff)
download	meta-selinux-fido.tar.gz

diff --git a/networking-layer/recipes-daemons/iscsi-initiator-utils/files/initd.debian b/networking-layer/recipes-daemons/iscsi-initiator-utils/files/initd.debian new file mode 100644 index 0000000..43fb348 --- /dev/null +++ b/networking-layer/recipes-daemons/iscsi-initiator-utils/files/initd.debian
@@ -0,0 +1,123 @@
	1	#! /bin/sh
	2	### BEGIN INIT INFO
	3	# Provides:
	4	# Required-Start:
	5	# Required-Stop:
	6	# Default-Start:
	7	# Default-Stop:
	8	# Short-Description: Starts and stops the iSCSI initiator services and logins to default targets
	9	### END INIT INFO
	10	#set -x
	11	PATH=/sbin:/bin:/usr/sbin:/usr/bin
	12	DAEMON=/usr/sbin/iscsid
	13	ADM=/usr/sbin/iscsiadm
	14	PIDFILE=/var/run/iscsid.pid
	15
	16	[ -x "$DAEMON" ] \|\| exit 0
	17
	18	if [ ! -d /sys/class/ ]; then
	19	echo "Failure:" "iSCSI requires a mounted sysfs, not started."
	20	exit 1
	21	fi
	22
	23	nodestartup_re='s/^node\.conn\[0]\.startup[ ]=[ ]//p'
	24
	25	RETVAL=0
	26
	27	start() {
	28	echo "Starting iSCSI initiator service" "iscsid"
	29	modprobe -q iscsi_tcp 2>/dev/null \|\| :
	30	modprobe -q ib_iser 2>/dev/null \|\| :
	31	if [ ! -f /etc/iscsi/initiatorname.iscsi ]; then
	32	INITIATORNAME=$(iscsi-iname)
	33	cat >/etc/iscsi/initiatorname.iscsi <<EOF
	34	## DO NOT EDIT OR REMOVE THIS FILE!
	35	## If you remove this file, the iSCSI daemon will not start.
	36	## If you change the InitiatorName, existing access control lists
	37	## may reject this initiator. The InitiatorName must be unique
	38	## for each iSCSI initiator. Do NOT duplicate iSCSI InitiatorNames.
	39	InitiatorName=$INITIATORNAME
	40	EOF
	41	fi
	42
	43	# Fix label for /etc/iscsi/initiatorname.iscsi if SELinux was enabled
	44	test ! -x /sbin/restorecon \|\| /sbin/restorecon -F /etc/iscsi/initiatorname.iscsi
	45
	46	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON
	47	RETVAL=$?
	48	starttargets
	49	}
	50
	51	starttargets() {
	52	echo "Setting up iSCSI targets"
	53	$ADM -m node --loginall=automatic
	54	}
	55
	56	stoptargets() {
	57	echo "Disconnecting iSCSI targets"
	58	sync
	59	$ADM -m node --logoutall=all
	60	RETVAL=$?
	61	#if RETVAL is 21, means no active sessions, consider ok
	62	if [ "$RETVAL" = "21" ]; then
	63	RETVAL=0
	64	fi
	65	}
	66
	67	stop() {
	68	stoptargets
	69	if [ $RETVAL -ne 0 ]; then
	70	echo "Failure:" "Could not stop all targets, try again later"
	71	return $RETVAL
	72	fi
	73
	74	echo "Stopping iSCSI initiator service"
	75	start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
	76	rm -f $PIDFILE
	77	status=0
	78	modprobe -r ib_iser 2>/dev/null
	79	if [ "$?" -ne "0" -a "$?" -ne "1" ]; then
	80	status=1
	81	fi
	82	modprobe -r iscsi_tcp 2>/dev/null
	83	if [ "$?" -ne "0" -a "$?" -ne "1" ]; then
	84	status=1
	85	fi
	86	}
	87
	88	restart() {
	89	stop
	90	if [ $RETVAL -ne 0 ]; then
	91	echo "Failure:" "Stopping iSCSI initiator service failed, not starting"
	92	return $RETVAL
	93	fi
	94	start
	95	}
	96
	97	restarttargets() {
	98	stoptargets
	99	if [ $RETVAL -ne 0 ]; then
	100	echo "Failure:" "Could not stop all targets, try again later"
	101	return $RETVAL
	102	fi
	103	starttargets
	104	}
	105
	106	status() {
	107	#XXX FIXME: what to do here?
	108	#status iscsid
	109	# list active sessions
	110	echo Current active iSCSI sessions:
	111	$ADM -m session
	112	}
	113
	114	case "$1" in
	115	start\|starttargets\|stop\|stoptargets\|restart\|restarttargets\|status)
	116	$1
	117	;;
	118	*)
	119	echo "Usage: $0 {start\|stop\|restart\|status}"
	120	exit 1
	121	;;
	122	esac
	123	exit $RETVAL


diff --git a/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend new file mode 100644 index 0000000..81fe7b7 --- /dev/null +++ b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend
@@ -0,0 +1 @@
		FILESEXTRAPATHS_prepend := "${THISDIR}/files:"