Troy J Dawson wrote: > Stephan Wiesand wrote: >> Hi Troy, >> >> On Jan 12, 2011, at 17:57 , Troy Dawson wrote: >> >>> On the subject of openafs, we're found one selinux bug. >>> If you have selinux turned on, then the /afs directory, by default, has the wrong selinux settings. >>> >>> To fix this you have to run >>> restorecon -v /afs >>> (Actually you don't need the -v, but it's nice to see that something is done) >>> And then you can start afs normally. >>> >>> We'll have something in place by this friday's Alpha/Beta rollout. >> >> it's certainly a bug, but I'm not sure where it's sitting. There are three ways I'm aware of to make sure the /afs mount point has the right context with rpm/yum: >> >> 1) guarantee that the policy rpm is installed after openafs client >> - not feasible, right? >> 2) make sure restorecond is running when /afs is created, and change its configuration to care for /afs >> - even worse, and creating an unnecessary dependency on policycoreutils >> 3) correct the context in openafs-client's %post >> - when using restorecon, creates an unnecessary dependency on policycoreutils >> - when using chcon, requires the package to know the "right" context to apply >> > > Found the solution > > 4) put a --triggers on openafs-client that triggers on policycoreutils > (the package that has restorecond) > > %triggerin -n openafs-client -- policycoreutils > /sbin/restorecon /afs > > Since it is a trigger, it doesn't automatically pull in policycoreutils > as a dependancy. This way if someone does have selinux installed, this > trigger will set /afs to the proper settings. And if they don't have > selinux installed, nothing happens. > > And, if you are wondering, I've tested to make sure this builds with the > proper dependencies, but I haven't yet tested to make sure it properly > fixes the problem. > > Troy And now I've tested it completely. Having trigger do the work, works. Troy -- __________________________________________________ Troy Dawson [log in to unmask] (630)840-6468 Fermilab ComputingDivision/SCF/FEF/SLSMS Group __________________________________________________