f5c226810d
The modules from the old store were previously copied to the new one using setfscreatecon and shutil.copy2(). Now that refpolicy has rules about the new policy location[1], copying the contexts is redundant. More importantly, the setcreatefscon caused a constraint violation[2] which made the migration fail. In python3, shutil.copy2() copies xattrs as well which again causes problems. shutil.copy() is enough for our needs here as it will copy the file and permissions in both py2 and 3. We do not need the extra things that copy2() does (mtime, xattr, etc). [1] http://oss.tresys.com/pipermail/refpolicy/2014-December/007511.html [2] type=AVC msg=audit(1429438272.872:1869): avc: denied { create } for pid=28739 comm="semanage_migrat" name="strict" scontext=staff_u:sysadm_r:semanage_t tcontext=system_u:object_r:semanage_store_t tclass=dir permissive=0 constrain dir { create relabelfrom relabelto } ((u1 == u2 -Fail-) or (t1 == can_change_object_identity -Fail-) ); Constraint DENIED allow semanage_t semanage_store_t:dir create; Signed-off-by: Jason Zaman <jason@perfinion.com> Acked-by: Steve Lawrence <slawrence@tresys.com> Changes from v1: - Changed some methods to not take a src param anymore. |
||
|---|---|---|
| .. | ||
| example | ||
| include | ||
| man | ||
| src | ||
| tests | ||
| utils | ||
| .gitignore | ||
| ChangeLog | ||
| COPYING | ||
| Makefile | ||
| VERSION | ||