SeLinuxGuard: remove invalid check for sanity around restorecon, fix test

previous commit occurred because the selinux test was failing
in a schroot where there was no /etc/hosts.

Now, fix that test more correctly, and fix some bad assumptions in
the SeLinuxGuard.

3 files changed, 26 insertions, 27 deletions

diff --git a/ChangeLog b/ChangeLog
index 728b54b5..d52dfa47 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,7 @@
    [Dimitri John Ledkov]
  - change trunk debian packaging to use pybuild and drop cdbs.
    [Dimitri John Ledkov]
+ - SeLinuxGuard: remove invalid check that looked for stat.st_mode in os.lstat.
 0.7.5:
  - open 0.7.5
  - Add a debug log message around import failures
diff --git a/cloudinit/util.py b/cloudinit/util.py
index 06039ee2..bc681f4a 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -146,23 +146,23 @@ class SeLinuxGuard(object):
             return False
 
     def __exit__(self, excp_type, excp_value, excp_traceback):
-        if self.selinux and self.selinux.is_selinux_enabled():
-            path = os.path.realpath(os.path.expanduser(self.path))
-            # path should be a string, not unicode
-            path = str(path)
-            do_restore = False
-            try:
-                # See if even worth restoring??
-                stats = os.lstat(path)
-                if stat.ST_MODE in stats:
-                    self.selinux.matchpathcon(path, stats[stat.ST_MODE])
-                    do_restore = True
-            except OSError:
-                pass
-            if do_restore:
-                LOG.debug("Restoring selinux mode for %s (recursive=%s)",
-                          path, self.recursive)
-                self.selinux.restorecon(path, recursive=self.recursive)
+        if not self.selinux or not self.selinux.is_selinux_enabled():
+            return
+        if not os.path.lexists(self.path):
+            return
+
+        path = os.path.realpath(self.path)
+        # path should be a string, not unicode
+        path = str(path)
+        try:
+            stats = os.lstat(path)
+            self.selinux.matchpathcon(path, stats[stat.ST_MODE])
+        except OSError:
+            return
+
+        LOG.debug("Restoring selinux mode for %s (recursive=%s)",
+                  path, self.recursive)
+        self.selinux.restorecon(path, recursive=self.recursive)
 
 
 class MountFailedError(Exception):
diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py
index 618a317d..0cb41520 100644
--- a/tests/unittests/test_util.py
+++ b/tests/unittests/test_util.py
@@ -12,12 +12,6 @@ from cloudinit import importer
 from cloudinit import util
 
 
-try:
-    import selinux
-    HAS_SELINUX = True
-except ImportError:
-    HAS_SELINUX = False
-
 class FakeSelinux(object):
 
     def __init__(self, match_what):
@@ -128,19 +122,23 @@ class TestWriteFile(MockerTestCase):
             create_contents = f.read()
             self.assertEqual("LINE1\nHey there", create_contents)
 
-    @unittest.skipIf(not HAS_SELINUX, "selinux not available")
     def test_restorecon_if_possible_is_called(self):
         """Make sure the selinux guard is called correctly."""
+        my_file = os.path.join(self.tmp, "my_file")
+        with open(my_file, "w") as fp:
+            fp.write("My Content")
+
         import_mock = self.mocker.replace(importer.import_module,
                                           passthrough=False)
         import_mock('selinux')
-        fake_se = FakeSelinux('/etc/hosts')
+
+        fake_se = FakeSelinux(my_file)
         self.mocker.result(fake_se)
         self.mocker.replay()
-        with util.SeLinuxGuard("/etc/hosts") as is_on:
+        with util.SeLinuxGuard(my_file) as is_on:
             self.assertTrue(is_on)
         self.assertEqual(1, len(fake_se.restored))
-        self.assertEqual('/etc/hosts', fake_se.restored[0])
+        self.assertEqual(my_file, fake_se.restored[0])
 
 
 class TestDeleteDirContents(MockerTestCase):