Set binary context on replicator binary

Sets valid SELinux file context for the copied `replicator` service binary, in order for the service to start on a SELinux-enabled worker machine.
cloudbase · Mar 11, 2024 · f434439 · f434439
1 parent 38466d2
commit f434439
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/coriolis/providers/replicator.py b/coriolis/providers/replicator.py
@@ -711,6 +711,14 @@ def _setup_certificates(self, ssh, args):
             },
         }
 
+    def _change_binary_se_context(self, ssh):
+        cmd = "sudo chcon -t bin_t %s" % REPLICATOR_PATH
+        try:
+            utils.exec_ssh_cmd(ssh, cmd, get_pty=True)
+        except exception.CoriolisException:
+            LOG.warn("Could not change SELinux context of replicator binary. "
+                     "Error was:%s", utils.get_exception_details())
+
     @utils.retry_on_error()
     def _setup_replicator(self, ssh):
         # copy the binary, set up the service, generate certificates,
@@ -723,6 +731,7 @@ def _setup_replicator(self, ssh):
 
         args = self._parse_replicator_conn_info(self._conn_info)
         self._copy_replicator_cmd(ssh)
+        self._change_binary_se_context(ssh)
         group_existed = self._setup_replicator_group(
             ssh, group_name=REPLICATOR_GROUP_NAME)
         if not group_existed: