From 755e97ca9a47268d357ffc98ca9635ed7fb3fea3 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Thu, 30 Jul 2020 15:41:27 -0400
Subject: [PATCH] Fix SELinux context on local init

Files generated during osdeploy -l need to have correct context.
---
 confluent_server/bin/osdeploy | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/confluent_server/bin/osdeploy b/confluent_server/bin/osdeploy
index 760ab208..4c10f25d 100644
--- a/confluent_server/bin/osdeploy
+++ b/confluent_server/bin/osdeploy
@@ -56,6 +56,7 @@ def local_node_trust_setup():
     allnodes, domain = selfservice.get_cluster_list()
     myname = collective.get_myname()
     myprincipals = set([myname])
+    restorecon = os.path.exists('/usr/sbin/restorecon')
     neededlines = set([
         'HostbasedAuthentication yes', 'HostbasedUsesNameFromPacketOnly yes',
         'IgnoreRhosts no'])
@@ -70,6 +71,8 @@ def local_node_trust_setup():
             os.unlink(certfile)
         with open(certfile, 'w') as certout:
             certout.write(cert)
+        if restorecon:
+            subprocess.check_call(['/usr/sbin/restorecon', certfile])
     with open('/etc/ssh/sshd_config', 'r') as sshconf:
         currconfig = sshconf.read().split('\n')
     for conline in currconfig:
@@ -86,6 +89,10 @@ def local_node_trust_setup():
     with open('/root/.shosts', 'w') as equivout:
         for node in util.natural_sort(allnodes):
             equivout.write(node + '\n')
+    if restorecon:
+        subprocess.check_call(
+            ['/usr/sbin/restorecon',
+            '/etc/ssh/shosts.equiv', '/root/.shosts'])
 
 
 def install_tftp_content():