Libguestfs - Mar 2017 - [PATCH] v2v: Fix invalid regexp in file_contexts file (RHBZ#1374232).

Instead of just documenting this bug, fix it in the file_contexts
file.

Replaces commit ad3c8fe7f49c4991e1aa536856a1a408f55d5409.
---
 customize/SELinux_relabel.ml | 19 +++++++++++++++++++
 v2v/virt-v2v.pod             | 11 -----------
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/customize/SELinux_relabel.ml b/customize/SELinux_relabel.ml
index fa9603c..69a4779 100644
--- a/customize/SELinux_relabel.ml
+++ b/customize/SELinux_relabel.ml
@@ -44,6 +44,25 @@ let relabel (g : G.guestfs)        let specfile         
sprintf "/etc/selinux/%s/contexts/files/file_contexts" policy in
 
+      (* RHEL 6.2 - 6.5 had a malformed specfile that contained the
+       * invalid regular expression "/var/run/spice-vdagentd.\pid"
+       * (instead of "\.p").  This stops setfiles from working on
+       * the guest.
+       *
+       * Because an SELinux relabel writes all over the filesystem,
+       * it seems reasonable to fix this problem in the specfile
+       * at the same time.  (RHBZ#1374232)
+       *)
+      if g#grep ~fixed:true ".\\p" specfile <> [||] then (
+        debug "fixing invalid regular expression in %s" specfile;
+        let old_specfile = specfile ^ "~" in
+        g#mv specfile old_specfile;
+        let content = g#read_file old_specfile in
+        let content = String.replace content ".\\p" "\\.p"
in
+        g#write specfile content;
+        g#copy_attributes ~all:true old_specfile specfile
+      );
+
       (* Relabel everything. *)
       g#selinux_relabel ~force:true specfile "/";
 
diff --git a/v2v/virt-v2v.pod b/v2v/virt-v2v.pod
index 3d0eada..a5b8e88 100644
--- a/v2v/virt-v2v.pod
+++ b/v2v/virt-v2v.pod
@@ -789,17 +789,6 @@ can install policycoreutils E<ge> 1.18.1-4.13 before
starting the v2v
 conversion.  See also
 L<https://bugzilla.redhat.com/show_bug.cgi?id=244636>
 
-=head1 RHEL 6
-
-=head2 RHEL 6.2 fails with "libguestfs error: selinux_relabel: :
Success"
-
-Conversion of a RHEL 6.2 (exactly) guest will fail because the
-C</etc/selinux/targeted/contexts/files> file within the guest contains
-a corrupt regular expression.  This was fixed in later versions of
-RHEL 6, so you will need to update to any version E<ge> 6.3 before
-performing the conversion.  See also
-L<https://bugzilla.redhat.com/show_bug.cgi?id=1374232>
-
 =head1 DEBIAN AND UBUNTU
 
 =head2 "warning: could not determine a way to update the configuration of
Grub2"
-- 
2.10.2

On Monday, 6 March 2017 11:43:14 CET Richard W.M. Jones
wrote:
> Instead of just documenting this bug, fix it in the file_contexts
> file.
> 
> Replaces commit ad3c8fe7f49c4991e1aa536856a1a408f55d5409.
> ---
>  customize/SELinux_relabel.ml | 19 +++++++++++++++++++
>  v2v/virt-v2v.pod             | 11 -----------
>  2 files changed, 19 insertions(+), 11 deletions(-)
> 
> diff --git a/customize/SELinux_relabel.ml b/customize/SELinux_relabel.ml
> index fa9603c..69a4779 100644
> --- a/customize/SELinux_relabel.ml
> +++ b/customize/SELinux_relabel.ml
> @@ -44,6 +44,25 @@ let relabel (g : G.guestfs) >        let specfile
>          sprintf "/etc/selinux/%s/contexts/files/file_contexts"
policy in
>  
> +      (* RHEL 6.2 - 6.5 had a malformed specfile that contained the
> +       * invalid regular expression
"/var/run/spice-vdagentd.\pid"
> +       * (instead of "\.p").  This stops setfiles from working
on
> +       * the guest.
> +       *
> +       * Because an SELinux relabel writes all over the filesystem,
> +       * it seems reasonable to fix this problem in the specfile
> +       * at the same time.  (RHBZ#1374232)
> +       *)
> +      if g#grep ~fixed:true ".\\p" specfile <> [||] then (
Should the search&replace be restricted to e.g.
"spice-vdagentd.\pid",
to avoid possible breaks with other versions of the contexts file?

Thanks,
-- 
Pino Toscano

On Mon, Mar 06, 2017 at 03:48:06PM +0100, Pino Toscano
wrote:
> On Monday, 6 March 2017 11:43:14 CET Richard W.M. Jones wrote:
> > Instead of just documenting this bug, fix it in the file_contexts
> > file.
> > 
> > Replaces commit ad3c8fe7f49c4991e1aa536856a1a408f55d5409.
> > ---
> >  customize/SELinux_relabel.ml | 19 +++++++++++++++++++
> >  v2v/virt-v2v.pod             | 11 -----------
> >  2 files changed, 19 insertions(+), 11 deletions(-)
> > 
> > diff --git a/customize/SELinux_relabel.ml
b/customize/SELinux_relabel.ml
> > index fa9603c..69a4779 100644
> > --- a/customize/SELinux_relabel.ml
> > +++ b/customize/SELinux_relabel.ml
> > @@ -44,6 +44,25 @@ let relabel (g : G.guestfs) > >        let
specfile > >          sprintf
"/etc/selinux/%s/contexts/files/file_contexts" policy in
> >  
> > +      (* RHEL 6.2 - 6.5 had a malformed specfile that contained the
> > +       * invalid regular expression
"/var/run/spice-vdagentd.\pid"
> > +       * (instead of "\.p").  This stops setfiles from
working on
> > +       * the guest.
> > +       *
> > +       * Because an SELinux relabel writes all over the filesystem,
> > +       * it seems reasonable to fix this problem in the specfile
> > +       * at the same time.  (RHBZ#1374232)
> > +       *)
> > +      if g#grep ~fixed:true ".\\p" specfile <> [||]
then (
> 
> Should the search&replace be restricted to e.g.
"spice-vdagentd.\pid",
> to avoid possible breaks with other versions of the contexts file?
Assuming it's a list of regular expressions (ie. the format doesn't
change radically) then \p would never be valid.  However yes I can
tighten up the test.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org