1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Add 9p to list of special filesystems for selinux

When trying to copy files onto a Virtio-9p filesystem[1][2] int the host
using something like the template module, ansible throws an error that
says something like:

    invalid selinux context: [Errno 95] Operation not supported

Adding 9p to the list of exceptional filesystems forces ansible to not
try to set an SELinux context on copied files.

[1] such as one mounted in a qemu VM, using:

    # http://www.linux-kvm.org/page/9p_virtio
    qemu-kvm [...] -virtfs local,id=apps_dev,path=/host/dir,security_model=passthrough,mount_tag=host_dir

[2] https://www.kernel.org/doc/Documentation/filesystems/9p.txt

Change-Id: Ia868dadce1ffd2b5bebf5ee1804501676e9d7e5f
This commit is contained in:
Anhad Jai Singh 2017-02-10 20:52:55 +05:30 committed by Brian Coca
parent 05d719a9f1
commit 13dd4b108c
2 changed files with 2 additions and 2 deletions

View file

@ -372,7 +372,7 @@
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependent context.
#special_context_filesystems=nfs,vboxsf,fuse,ramfs
#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
# Set this to yes to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = yes

View file

@ -246,7 +246,7 @@ DEFAULT_NO_TARGET_SYSLOG = get_config(p, DEFAULTS, 'no_target_syslog', 'ANSIBL
ALLOW_WORLD_READABLE_TMPFILES = get_config(p, DEFAULTS, 'allow_world_readable_tmpfiles', None, False, value_type='boolean')
# selinux
DEFAULT_SELINUX_SPECIAL_FS = get_config(p, 'selinux', 'special_context_filesystems', None, 'fuse, nfs, vboxsf, ramfs', value_type='list')
DEFAULT_SELINUX_SPECIAL_FS = get_config(p, 'selinux', 'special_context_filesystems', None, 'fuse, nfs, vboxsf, ramfs, 9p', value_type='list')
DEFAULT_LIBVIRT_LXC_NOSECLABEL = get_config(p, 'selinux', 'libvirt_lxc_noseclabel', 'LIBVIRT_LXC_NOSECLABEL', False, value_type='boolean')
### PRIVILEGE ESCALATION ###