From a2d760b7369059731a6cfbe673e117a553511a20 Mon Sep 17 00:00:00 2001
From: Michael DeHaan <mdehaan@redhat.com>
Date: Mon, 21 Jan 2008 12:47:23 -0500
Subject: Enforce permissions/context after reposync.

---
 cobbler/action_reposync.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'cobbler/action_reposync.py')

diff --git a/cobbler/action_reposync.py b/cobbler/action_reposync.py
index 70656af..535b9b4 100644
--- a/cobbler/action_reposync.py
+++ b/cobbler/action_reposync.py
@@ -72,6 +72,7 @@ class RepoSync:
                 self.do_rsync(repo)
             else:
                 self.do_reposync(repo)
+            self.update_permissions(repo_path)
 
         return True
     
@@ -269,4 +270,27 @@ class RepoSync:
                 print _("- createrepo failed.  Is it installed?")
             del fnames[:] # we're in the right place
 
+    # ==================================================================================
+
+    def update_permissions(self, repo_path):
+        """
+        Verifies that permissions and contexts after an rsync are as expected.
+        Sending proper rsync flags should prevent the need for this, though this is largely
+        a safeguard.
+        """
+        # all_path = os.path.join(repo_path, "*")
+        cmd1 = "chown -R root:apache %s" % repo_path
+        sub_process.call(cmd1, shell=True)
+
+        cmd2 = "chmod -R 640 %s" % repo_path
+        sub_process.call(cmd2, shell=True)
+
+        getenforce = "/usr/sbin/getenforce"
+        if os.path.exists(getenforce):
+            data = sub_process.Popen(getenforce, shell=True, stdout=sub_process.PIPE).communicate()[0]
+            if data.lower().find("disabled") == -1:
+                cmd3 = "chcon --reference /var/www %s" % repo_path
+                sub_process.call(cmd3, shell=True)
+
+
             
-- 
cgit