Restore created files' selinux contexts

This adds a restorecon_if_possible method which uses selinux python module, and uses that for files modified in /etc. taken from git://pkgs.fedoraproject.org/cloud-init.git commit 87f33190f43d2b26cced4597e7298835024466c2 Author: Garrett Holmstrom <gholms@fedoraproject.org> Patch3: cloud-init-0.6.2-filecontext.patch
author: Scott Moser <smoser@ubuntu.com> 2011-10-30 17:17:03 -0400
committer: Scott Moser <smoser@ubuntu.com> 2011-10-30 17:17:03 -0400
commit: 25824d2007e062f32a7bf3c502eaf9b8f2bf4c15 (patch)
tree: 9a70da85e6faf0265386dac0ce7ea08d01ece44c /cloudinit/CloudConfig/cc_puppet.py
parent: 6d9f6dfcf7e28f398b426c18ca36adeec24f8061 (diff)
download: vyos-cloud-init-25824d2007e062f32a7bf3c502eaf9b8f2bf4c15.tar.gz
vyos-cloud-init-25824d2007e062f32a7bf3c502eaf9b8f2bf4c15.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/cloudinit/CloudConfig/cc_puppet.py b/cloudinit/CloudConfig/cc_puppet.py
index 64b7c237..1dcd6a75 100644
--- a/cloudinit/CloudConfig/cc_puppet.py
+++ b/cloudinit/CloudConfig/cc_puppet.py
@@ -22,6 +22,7 @@ import subprocess
 import StringIO
 import ConfigParser
 import cloudinit.CloudConfig as cc
+import cloudinit.util as util
 
 def handle(name,cfg,cloud,log,args):
     # If there isn't a puppet key in the configuration don't do anything
@@ -58,6 +59,7 @@ def handle(name,cfg,cloud,log,args):
                 ca_fh.close()
                 os.chown('/var/lib/puppet/ssl/certs/ca.pem',
                          pwd.getpwnam('puppet').pw_uid, 0)
+                util.restorecon_if_possible('/var/lib/puppet', recursive=True)
             else:
                 #puppet_conf_fh.write("\n[%s]\n" % (cfg_name))
                 # If puppet.conf already has this section we don't want to write it again
@@ -81,6 +83,7 @@ def handle(name,cfg,cloud,log,args):
             os.rename('/etc/puppet/puppet.conf','/etc/puppet/puppet.conf.old')
             with open('/etc/puppet/puppet.conf', 'wb') as configfile:
                 puppet_config.write(configfile)
+            util.restorecon_if_possible('/etc/puppet/puppet.conf')
     # Set puppet default file to automatically start
     subprocess.check_call(['sed', '-i',
                            '-e', 's/^START=.*/START=yes/',
author	Scott Moser <smoser@ubuntu.com>	2011-10-30 17:17:03 -0400
committer	Scott Moser <smoser@ubuntu.com>	2011-10-30 17:17:03 -0400
commit	25824d2007e062f32a7bf3c502eaf9b8f2bf4c15 (patch)
tree	9a70da85e6faf0265386dac0ce7ea08d01ece44c /cloudinit/CloudConfig/cc_puppet.py
parent	6d9f6dfcf7e28f398b426c18ca36adeec24f8061 (diff)
download	vyos-cloud-init-25824d2007e062f32a7bf3c502eaf9b8f2bf4c15.tar.gz vyos-cloud-init-25824d2007e062f32a7bf3c502eaf9b8f2bf4c15.zip