Merge pull request #12536 from driskell/bug/12484_ssh_key_selinux

Fix #12484 by running restorecon on .ssh and authorized_keys file if they are created by ssh_auth.present state
2024-11-09 01:36:48 +00:00 · 2014-05-05 09:57:29 -06:00 · 2014-05-05 09:57:29 -06:00 · a5f72297ae
commit a5f72297ae
parent fec5d660ef add29d8c2a
1 changed files with 11 additions and 0 deletions
--- a/salt/modules/ssh.py
+++ b/salt/modules/ssh.py
@ -13,6 +13,7 @@ import re
 import hashlib
 import binascii
 import logging
+import subprocess

 # Import salt libs
 import salt.utils
@ -516,6 +517,11 @@ def set_auth_key(
            if os.geteuid() == 0:
                os.chown(dpath, uinfo['uid'], uinfo['gid'])
            os.chmod(dpath, 448)
+            # If SELINUX is available run a restorecon on the file
+            rcon = salt.utils.which('restorecon')
+            if rcon:
+                cmd = [rcon, dpath]
+                subprocess.call(cmd)

        if not os.path.isfile(fconfig):
            new_file = True
@ -539,6 +545,11 @@ def set_auth_key(
            if os.geteuid() == 0:
                os.chown(fconfig, uinfo['uid'], uinfo['gid'])
            os.chmod(fconfig, 384)
+            # If SELINUX is available run a restorecon on the file
+            rcon = salt.utils.which('restorecon')
+            if rcon:
+                cmd = [rcon, fconfig]
+                subprocess.call(cmd)
        return 'new'