Blob Blame History Raw
From f8708968fa4d08f0aa7329d20e68407e7f41af97 Mon Sep 17 00:00:00 2001
From: Kotresh HR <khiremat@redhat.com>
Date: Wed, 24 Jun 2015 20:00:11 +0530
Subject: [PATCH 138/190] geo-rep: Fix ssh issue in geo-rep

In geo-rep mountbroker setup, workers fails with
'Permission Denied' even though the public keys
are shared to all the slave nodes. The issue
is with selinux context not being set for .ssh
and .ssh/authorizedkeys. Doing restorecon on
these entries to set default selinux security
context fixes the issue.

BUG: 1224199
Change-Id: I272172b78f0d28e7f14420918a2f1206e52a58a7
Reviewed-on: http://review.gluster.org/11383
Reviewed-on: http://review.gluster.org/11384
Reviewed-by: Aravinda VK <avishwan@redhat.com>
Reviewed-by: darshan n <dnarayan@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Signed-off-by: Kotresh HR <khiremat@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/51607
Tested-by: Venky Shankar <vshankar@redhat.com>
---
 extras/peer_add_secret_pub.in |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/extras/peer_add_secret_pub.in b/extras/peer_add_secret_pub.in
index e3a9aa2..c9674af 100644
--- a/extras/peer_add_secret_pub.in
+++ b/extras/peer_add_secret_pub.in
@@ -53,6 +53,13 @@ if [ ! -d $authorized_keys_file ]; then
     chown $user: $authorized_keys_file;
 fi
 
+# Restore SELinux security contexts. This is required
+# for passwdless SSH to work.
+
+if type restorecon >/dev/null 2>&1; then
+    restorecon -F $ssh_dir $authorized_keys_file;
+fi
+
 # Add to authorized_keys file only if not exists already
 while read line
 do
-- 
1.7.1