Restore selinux context on swift mount

Mounting devices without specifying or restoring context ends up with
default context file_t assigned for swift paths. On selinux systems it
is nice to at least try to preserve predefined contexts on paths.

Change-Id: I9b68c04cb0d4ee72c074e514db7141c3c077c978
Closes-Bug: rhbz#1095503
Closes-Bug: #1320853

manifests/storage/mount.pp

@@ -54,4 +54,21 @@ define swift::storage::mount(
     subscribe   => Exec["mount_${name}"],
     refreshonly => true,
   }
+
+  # mounting in linux and puppet is broken and non-atomic
+  # we have to mount, check mount with executing command,
+  # fix ownership and on selinux systems fix context.
+  # It would be definetly nice if passing options uid=,gid=
+  # would be possible as context is. But, as there already is
+  # chown command we'll just restorecon on selinux enabled
+  # systems :(
+  if ($::selinux) {
+    exec { "restorecon_mount_${name}":
+      command     => "restorecon ${mnt_base_dir}/${name}",
+      path        => ['/usr/sbin', '/bin'],
+      subscribe   => Exec["mount_${name}"],
+      before      =>  Exec["fix_mount_permissions_${name}"],
+      refreshonly => true,
+    }
+  }
 }

spec/defines/swift_storage_mount_spec.rb

@@ -39,4 +39,24 @@ describe 'swift::storage::mount' do
 
   end
 
+  describe 'when mounting a loopback device on selinux system' do
+    let :params do
+      {
+        :device => '/dev/sda'
+      }
+    end
+
+    let :facts do
+      {
+        :selinux => true,
+      }
+    end
+
+    it { should contain_exec("restorecon_mount_dans_mount_point").with(
+      {:command     => "restorecon /srv/node/dans_mount_point",
+       :path        => ['/usr/sbin', '/bin'],
+       :refreshonly => true}
+    )}
+
+  end
 end