Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cockpit: retain SELinux context if file exists #21506

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

cockpit: retain SELinux context if file exists #21506

wants to merge 1 commit into from

Conversation

jelly
Copy link
Member

@jelly jelly commented Jan 10, 2025

For the Cockpit Files editor fsreplace1 is used to write new content to an existing file. If an administrator has set a custom selinux context to such a file, for example a config file shared into a container the SELinux context is not kept which leads to unexpected behaviour.

Closes: #21505

@jelly jelly requested a review from martinpitt January 10, 2025 15:19
martinpitt
martinpitt requested changes Jan 11, 2025
View reviewed changes
Copy link
Member

@martinpitt martinpitt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing this!

src/cockpit/channels/filesystem.py Show resolved Hide resolved
src/cockpit/channels/filesystem.py Outdated Show resolved Hide resolved
pkg/playground/test.html Outdated Show resolved Hide resolved
pkg/playground/test.js Show resolved Hide resolved
test/verify/check-pages Outdated Show resolved Hide resolved
test/verify/check-pages Outdated Show resolved Hide resolved
@jelly
cockpit: retain SELinux context if file exists
9c2f2db 
For the Cockpit Files editor fsreplace1 is used to write new content to
an existing file. If an administrator has set a custom selinux
context to such a file, for example a config file shared into a
container the SELinux context is not kept which leads to unexpected
behaviour.

Closes: cockpit-project#21505
@jelly jelly force-pushed the fsreplace-selinux-context branch from 497c01f to 9c2f2db Compare January 13, 2025 12:23
cockpituous
cockpituous reviewed Jan 13, 2025
View reviewed changes
pkg/playground/test.js
Comment on lines +147 to +149
file.replace(content, use_tag ? tag : undefined)
.catch(exc => {
fsreplace_error.textContent = exc.toString();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These 3 added lines are not executed by any test.

@jelly jelly requested a review from martinpitt January 13, 2025 13:41
martinpitt
martinpitt approved these changes Jan 13, 2025
View reviewed changes
Copy link
Member

@martinpitt martinpitt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dankjewel!

@martinpitt
Copy link
Member

martinpitt commented Jan 13, 2025
edited
Loading

a-webui looks really messy. Two tests are known broken, but not that badly. So let's retry to be sure. The failures are all on ND@1, so this reeks of "VM corruption".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cockpituous cockpituous cockpituous left review comments

@martinpitt martinpitt martinpitt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SELinux context is reset on saving text files
3 participants
@jelly @martinpitt @cockpituous