[yocto] [PATCH][meta-selinux] iscsi-initiator-utils: fix label for initiatorname.iscsi

wenzong.fan at windriver.com wenzong.fan at windriver.com
Wed Mar 4 23:50:19 PST 2015


From: Wenzong Fan <wenzong.fan at windriver.com>

This config file is created by the postinstall script or the initscript;
the correct label should be "etc_t". Run restorecon /etc/iscsi/initiatorname.iscsi
to fix it and remove the AVC denials below:

  avc: denied { read } for pid=6094 comm="iscsid" \
  name="initiatorname.iscsi" dev="sda3" ino=1057846 \
  scontext=system_u:system_r:iscsid_t:s0-s15:c0.c1023 \
  tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file

Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
---
 .../iscsi-initiator-utils/files/initd.debian       | 123 +++++++++++++++++++++
 .../iscsi-initiator-utils_%.bbappend               |   1 +
 2 files changed, 124 insertions(+)
 create mode 100644 networking-layer/recipes-daemons/iscsi-initiator-utils/files/initd.debian
 create mode 100644 networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend

diff --git a/networking-layer/recipes-daemons/iscsi-initiator-utils/files/initd.debian b/networking-layer/recipes-daemons/iscsi-initiator-utils/files/initd.debian
new file mode 100644
index 0000000..43fb348
--- /dev/null
+++ b/networking-layer/recipes-daemons/iscsi-initiator-utils/files/initd.debian
@@ -0,0 +1,123 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:
+# Required-Start:
+# Required-Stop:
+# Default-Start:
+# Default-Stop:
+# Short-Description: Starts and stops the iSCSI initiator services and logins to default targets
+### END INIT INFO
+#set -x
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/iscsid
+ADM=/usr/sbin/iscsiadm
+PIDFILE=/var/run/iscsid.pid
+
+[ -x "$DAEMON" ] || exit 0
+
+if [ ! -d /sys/class/ ]; then
+  echo "Failure:" "iSCSI requires a mounted sysfs, not started."
+  exit 1
+fi
+
+nodestartup_re='s/^node\.conn\[0]\.startup[ 	]*=[ 	]*//p'
+
+RETVAL=0
+
+start() {
+	echo "Starting iSCSI initiator service" "iscsid"
+	modprobe -q iscsi_tcp 2>/dev/null || :
+	modprobe -q ib_iser 2>/dev/null || :
+	if [ ! -f /etc/iscsi/initiatorname.iscsi ]; then
+		INITIATORNAME=$(iscsi-iname)
+		cat >/etc/iscsi/initiatorname.iscsi <<EOF
+## DO NOT EDIT OR REMOVE THIS FILE!
+## If you remove this file, the iSCSI daemon will not start.
+## If you change the InitiatorName, existing access control lists
+## may reject this initiator.  The InitiatorName must be unique
+## for each iSCSI initiator.  Do NOT duplicate iSCSI InitiatorNames.
+InitiatorName=$INITIATORNAME
+EOF
+	fi
+
+	# Fix label for /etc/iscsi/initiatorname.iscsi if SELinux was enabled
+	test ! -x /sbin/restorecon || /sbin/restorecon -F /etc/iscsi/initiatorname.iscsi
+
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON
+	RETVAL=$?
+	starttargets
+}
+
+starttargets() {
+	echo "Setting up iSCSI targets"
+	$ADM -m node --loginall=automatic
+}
+
+stoptargets() {
+	echo "Disconnecting iSCSI targets"
+	sync
+	$ADM -m node --logoutall=all
+	RETVAL=$?
+	#if RETVAL is 21, means no active sessions, consider ok
+	if [ "$RETVAL" = "21" ]; then
+		RETVAL=0
+	fi
+}
+
+stop() {
+	stoptargets
+	if [ $RETVAL -ne 0 ]; then
+		echo "Failure:" "Could not stop all targets, try again later"
+		return $RETVAL
+	fi
+
+	echo "Stopping iSCSI initiator service"
+	start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
+	rm -f $PIDFILE
+	status=0
+	modprobe -r ib_iser 2>/dev/null
+	if [ "$?" -ne "0" -a "$?" -ne "1" ]; then
+		status=1
+	fi
+	modprobe -r iscsi_tcp 2>/dev/null
+	if [ "$?" -ne "0" -a "$?" -ne "1" ]; then
+		status=1
+	fi
+}
+
+restart() {
+	stop
+	if [ $RETVAL -ne 0 ]; then
+		echo "Failure:" "Stopping iSCSI initiator service failed, not starting"
+		return $RETVAL
+	fi
+	start
+}
+
+restarttargets() {
+	stoptargets
+	if [ $RETVAL -ne 0 ]; then
+		echo "Failure:" "Could not stop all targets, try again later"
+		return $RETVAL
+	fi
+	starttargets
+}
+
+status() {
+	#XXX FIXME: what to do here?
+	#status iscsid
+	# list active sessions
+	echo Current active iSCSI sessions:
+	$ADM -m session
+}
+
+case "$1" in
+	start|starttargets|stop|stoptargets|restart|restarttargets|status)
+		$1
+		;;
+	*)
+		echo "Usage: $0 {start|stop|restart|status}"
+		exit 1
+		;;
+esac
+exit $RETVAL
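Review bot: In start(), the output of `iscsi-iname` is never checked, so if the tool is missing or fails the here-document writes an empty `InitiatorName=` into /etc/iscsi/initiatorname.iscsi. Because the file then exists, the `[ ! -f ... ]` guard never regenerates it on later starts, and the initiator identity that target access control lists rely on stays broken. Add a check before the `cat`, for example `[ -n "$INITIATORNAME" ] || { echo "Failure:" "cannot generate InitiatorName"; RETVAL=1; return 1; }`. The exit status of `/sbin/restorecon -F` is also discarded, so a failed relabel would presumably show up only as the same AVC denial when iscsid reads the file; printing a failure message there would make it diagnosable. Separately, stop() computes `status` from the two `modprobe -r` calls but never folds it into `RETVAL`, so it has no effect on the exit code.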
diff --git a/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend
new file mode 100644
index 0000000..81fe7b7
--- /dev/null
+++ b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend
@@ -0,0 +1 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
-- 
1.9.1



