From ded677270c13e10c60793e7f0f29b2538beccfab Mon Sep 17 00:00:00 2001
From: Kotresh HR <khiremat@redhat.com>
Date: Wed, 24 Jun 2015 20:00:11 +0530
Subject: geo-rep: Fix ssh issue in geo-rep

In geo-rep mountbroker setup, workers fails with
'Permission Denied' even though the public keys
are shared to all the slave nodes. The issue
is with selinux context not being set for .ssh
and .ssh/authorizedkeys. Doing restorecon on
these entries to set default selinux security
context fixes the issue.

BUG: 1235360
Reviewed-On: http://review.gluster.org/11383
Change-Id: Idd78e4b183bbeb196d00ee3d521c56d0985ca5d9
Signed-off-by: Kotresh HR <khiremat@redhat.com>
Reviewed-on: http://review.gluster.org/11384
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
---
 extras/peer_add_secret_pub.in | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'extras/peer_add_secret_pub.in')

diff --git a/extras/peer_add_secret_pub.in b/extras/peer_add_secret_pub.in
index e3a9aa2a48b..c9674af353d 100644
--- a/extras/peer_add_secret_pub.in
+++ b/extras/peer_add_secret_pub.in
@@ -53,6 +53,13 @@ if [ ! -d $authorized_keys_file ]; then
     chown $user: $authorized_keys_file;
 fi
 
+# Restore SELinux security contexts. This is required
+# for passwdless SSH to work.
+
+if type restorecon >/dev/null 2>&1; then
+    restorecon -F $ssh_dir $authorized_keys_file;
+fi
+
 # Add to authorized_keys file only if not exists already
 while read line
 do
-- 
cgit