Restore created files' selinux contexts

            
This adds a restorecon_if_possible method which uses selinux
python module, and uses that for files modified in /etc.

taken from
git://pkgs.fedoraproject.org/cloud-init.git
commit 87f33190f43d2b26cced4597e7298835024466c2
Author: Garrett Holmstrom <gholms@fedoraproject.org>
Patch3: cloud-init-0.6.2-filecontext.patch

1 files changed, 11 insertions, 0 deletions

diff --git a/cloudinit/util.py b/cloudinit/util.py
index 68ce674e..744fb71e 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -28,6 +28,12 @@ import time
 import traceback
 import re
 
+try:
+    import selinux
+    HAVE_LIBSELINUX = True
+except ImportError:
+    HAVE_LIBSELINUX = False
+
 def read_conf(fname):
     try:
 	    stream = open(fname,"r")
@@ -113,6 +119,11 @@ def write_file(file,content,mode=0644,omode="wb"):
             os.chmod(file,mode)
         f.write(content)
         f.close()
+        restorecon_if_possible(file)
+
+def restorecon_if_possible(path, recursive=False):
+    if HAVE_LIBSELINUX and selinux.is_selinux_enabled():
+        selinux.restorecon(path, recursive=recursive)
 
 # get keyid from keyserver
 def getkeybyid(keyid,keyserver):