diff options
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index e3b9dfbab..1caf9c1ee 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -23,6 +23,7 @@ try: import sys import os + import stat import time import socket import logging @@ -564,6 +565,9 @@ $)''', re.VERBOSE) statestore.backup_state('network', 'hostname', value) new_config.write(new_line) new_config.flush() + # Make sure the resulting file is readable by others before installing it + os.fchmod(new_config.fileno(), stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) + os.fchown(new_config.fileno(), 0, 0) # At this point new_config is closed but not removed due to 'delete=False' above # Now, install the temporary file as configuration and ensure old version is available as .orig @@ -574,6 +578,12 @@ $)''', re.VERBOSE) except CalledProcessError, e: print >>sys.stderr, "Failed to set this machine hostname to %s (%s)." % (hostname, str(e)) + # For SE Linux environments it is important to reset SE labels to the expected ones + try: + ipautil.run(['/sbin/restorecon', network_filename]) + except CalledProcessError, e: + print >>sys.stderr, "Failed to set permissions for %s (%s)." % (network_filename, str(e)) + def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options): sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.new_config() |