According to the SELinux devs the return value from restorecon does not
necessarily reflect success/failure and recommended ignoring it. This
does that.
rob
>From e37d5a13b7972c1fa8fb08cfd5a46d70f009a420 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Mon, 19 Sep 2011 16:31:57 -0400
Subject: [PATCH] The return value of restorecon is not reliable, ignore it.
https://fedorahosted.org/freeipa/ticket/1816
---
ipapython/platform/redhat.py | 10 +++++++---
1 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/ipapython/platform/redhat.py b/ipapython/platform/redhat.py
index 6d1d423..6bf8bf3 100644
--- a/ipapython/platform/redhat.py
+++ b/ipapython/platform/redhat.py
@@ -123,10 +123,14 @@ knownservices = RedHatServices()
def restore_context(filepath):
"""
restore security context on the file path
- SE Linux equivalent is /sbin/restorecon <filepath>
- """
- ipautil.run(["/sbin/restorecon", filepath])
+ SELinux equivalent is /sbin/restorecon <filepath>
+
+ restorecon's return values are not reliable so we have to
+ ignore them (BZ #739604).
+ ipautil.run() will do the logging.
+ """
+ ipautil.run(["/sbin/restorecon", filepath], raiseonerr=False)
def backup_and_replace_hostname(fstore, statestore, hostname):
network_filename = "/etc/sysconfig/network"
--
1.7.6
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
