author | Bryn M. Reeves <bmr@redhat.com> | 2012-12-10 17:59:44 +0000 |
---|---|---|
committer | Bryn M. Reeves <bmr@redhat.com> | 2012-12-10 17:59:44 +0000 |
commit | bc908179c200a73f032e188409384a4f8ed47c3b (patch) | |
tree | 0a481c332454a1a49259eae59cdf0bf9e47a8e55 | |
parent | 656ceaf1e503c0d7ca9b3bc0b1291e0d52e97a45 (diff) | |
download | sos-bc908179c200a73f032e188409384a4f8ed47c3b.tar.gz |
Do not attempt to store SELinux context for /proc and /sys

Storing a (correct) SELinux context for files in procfs and sysfs
leads to tonnes of ugly spew when the tarball is unpacked as these
contexts are not permitted on "normal" file systems:

tar: sosreport-rhel7-vm1-20121210145629/proc/sys/vm: Cannot setfilecon: Permission denied
tar: sosreport-rhel7-vm1-20121210145629/proc/sys/vm/percpu_pagelist_fraction: Cannot setfilecon: Permission denied
tar: sosreport-rhel7-vm1-20121210145629/proc/sys/vm: Cannot setfilecon: Permission denied
tar: sosreport-rhel7-vm1-20121210145629/proc/sys/vm/scan_unevictable_pages: Cannot setfilecon: Permission denied

Etc.

Check for these path prefixes in TarFileArchive.add_file() and skip
generating a pax header for them.

This isn't a perfect fix; it may be better to move this up to a
higher layer (i.e. within the Plugin class's file handling routines)
and also to filter by context rather than path (since SELinux
contexts are a property of an inode not a path and a user could
mount these file systems at other locations).

This partially fixes Issue #79 but I'll keep it open for the time
being to track these improvements.

-rw-r--r-- | sos/utilities.py | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/sos/utilities.py b/sos/utilities.py index b424e707..30d53487 100644 --- a/sos/utilities.py +++ b/sos/utilities.py @@ -263,9 +263,13 @@ class TarFileArchive(Archive): tar_info.size = len(content) fileobj = StringIO(content) fstat = os.stat(src) - context = self.get_selinux_context(src) - if context: - tar_info.pax_headers['RHT.security.selinux'] = context + # FIXME: handle this at a higher level? + if src.startswith("/sys/") or src.startswith ("/proc/"): + context = None + else: + context = self.get_selinux_context(src) + if context: + tar_info.pax_headers['RHT.security.selinux'] = context self.set_tar_info_from_stat(tar_info,fstat) self.add_parent(src) self.tarfile.addfile(tar_info, fileobj) |
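Review bot: The added test `if src.startswith("/sys/") or src.startswith ("/proc/"):` compares the raw `src` string, so any spelling of the same location that is not in that exact form (a doubled slash, a `..` component, a relative path) falls through to `self.get_selinux_context(src)` and still gets an `RHT.security.selinux` pax header, which brings back the `Cannot setfilecon` errors on unpack. Running `src` through `os.path.normpath()` (or `os.path.abspath()`) before the comparison would close that gap without moving the check to a higher layer. Two smaller points on the same lines: there is a stray space in `src.startswith ("/proc/")`, and the two calls can be collapsed into one `src.startswith(("/sys/", "/proc/"))` since `startswith` accepts a tuple. The `# FIXME` comment would also be more useful if it named the second limitation from the commit message, that the match is by path rather than by file system, so the follow-up for Issue #79 is visible in the code itself.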