From 13dd4b108c82255387bce5c6bd58da48a130642c Mon Sep 17 00:00:00 2001
From: Anhad Jai Singh
Date: Fri, 10 Feb 2017 20:52:55 +0530
Subject: [PATCH] Add 9p to list of special filesystems for selinux
When trying to copy files onto a Virtio-9p filesystem[1][2] int the host using something like the template module, ansible throws an error that says something like: invalid selinux context: [Errno 95] Operation not supported Adding 9p to the list of exceptional filesystems forces ansible to not try to set an SELinux context on copied files. [1] such as one mounted in a qemu VM, using: # http://www.linux-kvm.org/page/9p_virtio qemu-kvm [...] -virtfs local,id=apps_dev,path=/host/dir,security_model=passthrough,mount_tag=host_dir [2] https://www.kernel.org/doc/Documentation/filesystems/9p.txt
Change-Id: Ia868dadce1ffd2b5bebf5ee1804501676e9d7e5f
---
 examples/ansible.cfg | 2 +-
 lib/ansible/constants.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/examples/ansible.cfg b/examples/ansible.cfg
index 291311ae2b8..40126ee91ad 100644
--- a/examples/ansible.cfg
+++ b/examples/ansible.cfg
@@ -372,7 +372,7 @@
 # file systems that require special treatment when dealing with security context
 # the default behaviour that copies the existing context or uses the user default
 # needs to be changed to use the file system dependent context.
-#special_context_filesystems=nfs,vboxsf,fuse,ramfs
+#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
 # Set this to yes to allow libvirt_lxc connections to work without SELinux.
 #libvirt_lxc_noseclabel = yes
diff --git a/lib/ansible/constants.py b/lib/ansible/constants.py
index 3ee21a286fb..299917b75fc 100644
--- a/lib/ansible/constants.py
+++ b/lib/ansible/constants.py
@@ -246,7 +246,7 @@ DEFAULT_NO_TARGET_SYSLOG = get_config(p, DEFAULTS, 'no_target_syslog', 'ANSIBL
 ALLOW_WORLD_READABLE_TMPFILES = get_config(p, DEFAULTS, 'allow_world_readable_tmpfiles', None, False, value_type='boolean')
 # selinux
-DEFAULT_SELINUX_SPECIAL_FS = get_config(p, 'selinux', 'special_context_filesystems', None, 'fuse, nfs, vboxsf, ramfs', value_type='list')
+DEFAULT_SELINUX_SPECIAL_FS = get_config(p, 'selinux', 'special_context_filesystems', None, 'fuse, nfs, vboxsf, ramfs, 9p', value_type='list')
 DEFAULT_LIBVIRT_LXC_NOSECLABEL = get_config(p, 'selinux', 'libvirt_lxc_noseclabel', 'LIBVIRT_LXC_NOSECLABEL', False, value_type='boolean')
 ### PRIVILEGE ESCALATION ###
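Review bot: The changed `DEFAULT_SELINUX_SPECIAL_FS` line carries only the `# selinux` comment, so nothing at the definition says what being on this list does, and this commit widens the default for every installation. Going by the example ansible.cfg text and the commit message, Ansible does not set its own SELinux context on files on the listed filesystems, so a label requested by a playbook on a 9p mount would presumably go unapplied without any error, even on 9p exports that could store labels. I would add a comment above the line such as `# Filesystems where Ansible does not apply an SELinux context itself and the filesystem's own context is used; override in ansible.cfg under [selinux] special_context_filesystems`. The fourth argument is `None` here while the neighbouring `DEFAULT_LIBVIRT_LXC_NOSECLABEL` passes a name in that position, which suggests this list can only be changed through the config file; if so, the comment should say that too.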