Merge pull request #79 from lexemmens/feature/fix-centos7

Read Podman storage location from confiuration

CHANGELOG.md

@@ -1,4 +1,8 @@
 ## Changelog
+### 1.14.1 (18-04-2023)
+#### Bugs
+* ([#80](https://github.com/lexemmens/podman-maven-plugin/issues/80)) - SecurityContextService now derives graphRoot via `podman system info` 
+
 ### 1.14.0 (11-04-2023)
 #### Bugs
 * ([#75](https://github.com/lexemmens/podman-maven-plugin/issues/75)) - Podman Clean was not working after version 1.11.0

src/main/java/nl/lexemmens/podman/command/podman/PodmanSystemCommand.java

@@ -0,0 +1,40 @@
+package nl.lexemmens.podman.command.podman;
+
+import nl.lexemmens.podman.command.Command;
+import nl.lexemmens.podman.config.podman.PodmanConfiguration;
+import nl.lexemmens.podman.executor.CommandExecutorDelegate;
+import org.apache.maven.plugin.logging.Log;
+
+/**
+ * Implementation of the <code>podman version</code> command
+ */
+public class PodmanSystemCommand extends AbstractPodmanCommand {
+
+    private static final String SUBCOMMAND = "system";
+
+    private PodmanSystemCommand(Log log, PodmanConfiguration podmanConfig, CommandExecutorDelegate delegate) {
+        super(log, podmanConfig, delegate, SUBCOMMAND, true);
+    }
+
+    /**
+     * Builder class for the Podman Version command
+     */
+    public static class Builder {
+
+        private final PodmanSystemCommand command;
+
+        public Builder(Log log, PodmanConfiguration podmanConfig, CommandExecutorDelegate delegate) {
+            this.command = new PodmanSystemCommand(log, podmanConfig, delegate);
+        }
+
+        public Builder info() {
+            command.withOption("info", null);
+            return this;
+        }
+
+        public Command build() {
+            return command;
+        }
+
+    }
+}

src/main/java/nl/lexemmens/podman/service/SecurityContextService.java

@@ -3,6 +3,7 @@
 
 import nl.lexemmens.podman.command.Command;
 import nl.lexemmens.podman.command.chcon.ChConCommand;
+import nl.lexemmens.podman.command.podman.PodmanSystemCommand;
 import nl.lexemmens.podman.command.sestatus.SeStatusCommand;
 import nl.lexemmens.podman.config.podman.PodmanConfiguration;
 import nl.lexemmens.podman.executor.CommandExecutorDelegate;
@@ -12,15 +13,19 @@
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.util.List;
 import java.util.Optional;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;
 
 public class SecurityContextService {
 
     private static final String TARGET_SECURITY_CONTEXT_TYPE = "data_home_t";
 
     private static final Pattern SELINUX_STATUS_REGEX = Pattern.compile("(SELinux status:\\s*)(enabled|disabled)");
+
+    private static final Pattern GRAPH_ROOT_PATTERN = Pattern.compile("(graphRoot: )([a-zA-Z\\/\\.]+)");
     private static final String UNKNOWN = "unknown";
 
     private final Log log;
@@ -73,7 +78,7 @@ private boolean isSELinuxEnabled() throws MojoExecutionException {
 
     private String extractSeLinuxStatus(String line) {
         Matcher seLinuxStatusMatcher = SELINUX_STATUS_REGEX.matcher(line);
-        if(seLinuxStatusMatcher.matches()) {
+        if (seLinuxStatusMatcher.matches()) {
             return seLinuxStatusMatcher.group(2);
         } else {
             log.warn("Unable to determine if SELinux is enabled! Continuing without setting proper security context.");
@@ -98,15 +103,38 @@ private void doSetSecurityContext() throws MojoExecutionException {
                 );
             }
 
-            // If the directory is created, set the security context
-            Command chconCommand = new ChConCommand.Builder(log, delegate)
-                    .withRecursiveOption()
-                    .withReferenceDirectory("/var/lib/containers/storage", podmanCfg.getRoot().getAbsolutePath())
-                    .build();
-
-            chconCommand.execute();
+            List<String> graphRootCmdOutput = new PodmanSystemCommand.Builder(log, podmanCfg, delegate)
+                    .info()
+                    .build()
+                    .execute()
+                    .stream()
+                    .filter(output -> output.matches("(graphRoot: )([a-zA-Z\\/\\.]+)"))
+                    .collect(Collectors.toList());
+
+            if(graphRootCmdOutput.size() == 1) {
+                String graphRoot = graphRootCmdOutput.get(0);
+                Matcher graphRootMatcher = GRAPH_ROOT_PATTERN.matcher(graphRoot);
+                if(graphRootMatcher.matches()) {
+                    String graphRootLocation = graphRootMatcher.group(2);
+                    log.info("Determined graphRoot location to be: " + graphRootLocation + ". Executing chcon using this directory as reference...");
+                    executeChConCommand(graphRootLocation);
+                } else {
+                    log.warn("Failed to determine Podman's storage location from output " + graphRoot);
+                }
+            } else {
+                log.warn("Failed to determine Podman's storage location. If SELinux is enabled, this may cause unexpected behaviour.");
+            }
         }
+    }
+
+    private void executeChConCommand(String referenceStorageLocation) throws MojoExecutionException {
+        // If the directory is created, set the security context
+        Command chconCommand = new ChConCommand.Builder(log, delegate)
+                .withRecursiveOption()
+                .withReferenceDirectory(referenceStorageLocation, podmanCfg.getRoot().getAbsolutePath())
+                .build();
 
+        chconCommand.execute();
     }
 
 

src/test/java/nl/lexemmens/podman/service/SecurityContextServiceTest.java

@@ -83,6 +83,7 @@ public void testSetSecurityContextSELinuxEnabledCustomRoot() throws MojoExecutio
         assertEquals(1, commandExecutions.size());
         verify(log, times(1)).debug("Checking SELinux status...");
         verify(log, times(1)).debug("SELinux is enabled");
+        verify(log, times(1)).info("Determined graphRoot location to be: /var/lib/containers/storage. Executing chcon using this directory as reference...");
         verify(log, times(0)).debug("Using Podman default storage location. Assuming security context is set correctly " +
                 "for this location. Refer to the documentation of this plugin if you run into any issues.");
     }
@@ -106,6 +107,12 @@ public List<String> executeCommand(ProcessExecutor processExecutor) {
                 sestatusOutput.add(String.format("SELinux status: %s", seLinuxStatus));
                 return sestatusOutput;
             }
+
+            if(processExecutor.getCommand().contains("podman")) {
+                List<String> sestatusOutput = new ArrayList<>();
+                sestatusOutput.add("graphRoot: /var/lib/containers/storage");
+                return sestatusOutput;
+            }
             return processOutput;
         }