Fix #12484 by running restorecon on .ssh and authorized_keys file if they are created by ssh_auth.present state

2024-11-09 01:36:48 +00:00 · 2014-05-05 10:19:18 +01:00 · 2014-05-05 10:19:18 +01:00 · add29d8c2a
commit add29d8c2a
parent 8fec19b07f
1 changed files with 11 additions and 0 deletions
--- a/salt/modules/ssh.py
+++ b/salt/modules/ssh.py
@ -13,6 +13,7 @@ import re
 import hashlib
 import binascii
 import logging
+import subprocess

 # Import salt libs
 import salt.utils
@ -516,6 +517,11 @@ def set_auth_key(
            if os.geteuid() == 0:
                os.chown(dpath, uinfo['uid'], uinfo['gid'])
            os.chmod(dpath, 448)
+            # If SELINUX is available run a restorecon on the file
+            rcon = salt.utils.which('restorecon')
+            if rcon:
+                cmd = [rcon, dpath]
+                subprocess.call(cmd)

        if not os.path.isfile(fconfig):
            new_file = True
@ -539,6 +545,11 @@ def set_auth_key(
            if os.geteuid() == 0:
                os.chown(fconfig, uinfo['uid'], uinfo['gid'])
            os.chmod(fconfig, 384)
+            # If SELINUX is available run a restorecon on the file
+            rcon = salt.utils.which('restorecon')
+            if rcon:
+                cmd = [rcon, fconfig]
+                subprocess.call(cmd)
        return 'new'