authorAlexander Bokovoy <abokovoy@redhat.com>2011-08-10 15:15:01 +0300
committerAlexander Bokovoy <abokovoy@redhat.com>2011-08-10 15:15:01 +0300
commit3cdc4a2eaa6691be4660cb1239ca271cd620ecf5 (patch)
tree11b072ddcdb840b2da58c5ec1ac69a15ff0d884f
parentc5ce14c83ac6c00f2db9d1b43273c25b8282c873 (diff)
Ensure network configuration file has proper permissionsnetwork-fixes
As the network configuration file is created as a temporary file, it has stricter permissions than we need for the target system configuration file. Ensure permissions are properly reset before installing the file. If permissions are not reset, the system may have no networking enabled after reboot.
-rwxr-xr-xipa-client/ipa-install/ipa-client-install10
1 files changed, 10 insertions, 0 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index e3b9dfbab..1caf9c1ee 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -23,6 +23,7 @@ try:
import sys
import os
+ import stat
import time
import socket
import logging
@@ -564,6 +565,9 @@ $)''', re.VERBOSE)
statestore.backup_state('network', 'hostname', value)
new_config.write(new_line)
new_config.flush()
+ # Make sure the resulting file is readable by others before installing it
+ os.fchmod(new_config.fileno(), stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH)
+ os.fchown(new_config.fileno(), 0, 0)
# At this point new_config is closed but not removed due to 'delete=False' above
# Now, install the temporary file as configuration and ensure old version is available as .orig
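Review bot: The mode and owner set by the added `os.fchmod`/`os.fchown` calls are hard-coded to 0644 and root:root, which silently overrides any tighter mode or different group an administrator had set on the existing network configuration file. If the existing file is still present at this point and `network_filename` names it (neither is visible in this hunk), copying its metadata would be safer: `st = os.stat(network_filename)`, then `os.fchmod(new_config.fileno(), stat.S_IMODE(st.st_mode))` and `os.fchown(new_config.fileno(), st.st_uid, st.st_gid)`. The added comment mentions only readability; it should also say that ownership is reset. The enclosing function starts and ends outside the hunk.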
@@ -574,6 +578,12 @@ $)''', re.VERBOSE)
except CalledProcessError, e:
print >>sys.stderr, "Failed to set this machine hostname to %s (%s)." % (hostname, str(e))
+ # For SE Linux environments it is important to reset SE labels to the expected ones
+ try:
+ ipautil.run(['/sbin/restorecon', network_filename])
+ except CalledProcessError, e:
+ print >>sys.stderr, "Failed to set permissions for %s (%s)." % (network_filename, str(e))
+
def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
sssdconfig = SSSDConfig.SSSDConfig()
sssdconfig.new_config()
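Review bot: The message printed when `/sbin/restorecon` fails says "Failed to set permissions", but this step restores the SELinux label, so an operator reading the output would check file modes rather than the security context; `"Failed to restore SELinux context for %s (%s)."` would match the step. Only `CalledProcessError` is caught, so on a host without `/sbin/restorecon` the call may raise a different exception (likely `OSError`, depending on how `ipautil.run` launches the process, which is not shown) and abort the install. Guarding the call with `if os.path.exists('/sbin/restorecon'):` would avoid that. The enclosing function begins outside the hunk.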