From 3a64b9660ba0c495b35bc02f68f132e4cab5ed58 Mon Sep 17 00:00:00 2001
From: Daniel Vincze
Date: Mon, 11 Mar 2024 20:35:08 +0200
Subject: [PATCH] Set binary context on replicator binary
Sets valid SELinux file context for the copied `replicator` service binary, in order for the service to start on a SELinux-enabled worker machine.
---
 coriolis/providers/replicator.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/coriolis/providers/replicator.py b/coriolis/providers/replicator.py
index 15cbfd9de..acc9991fa 100644
--- a/coriolis/providers/replicator.py
+++ b/coriolis/providers/replicator.py
@@ -711,6 +711,14 @@ def _setup_certificates(self, ssh, args):
 },
 }
+ def _change_binary_se_context(self, ssh):
+ cmd = "sudo chcon -t bin_t %s" % REPLICATOR_PATH
+ try:
+ utils.exec_ssh_cmd(ssh, cmd, get_pty=True)
+ except exception.CoriolisException:
+ LOG.warn("Could not change SELinux context of replicator binary. "
+ "Error was:%s", utils.get_exception_details())
+
 @utils.retry_on_error()
 def _setup_replicator(self, ssh):
 # copy the binary, set up the service, generate certificates,
@@ -723,6 +731,7 @@ def _setup_replicator(self, ssh):
 args = self._parse_replicator_conn_info(self._conn_info)
 self._copy_replicator_cmd(ssh)
+ self._change_binary_se_context(ssh)
 group_existed = self._setup_replicator_group(
 ssh, group_name=REPLICATOR_GROUP_NAME)
 if not group_existed:
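Review bot: The `except exception.CoriolisException` branch in `_change_binary_se_context` logs and carries on for every failure, so the two cases it can hit are indistinguishable: a worker without SELinux (where `chcon` presumably fails on each setup and produces a spurious warning) and an enforcing worker where the relabel really failed and the replicator service later refuses to start with no obvious link to this step. Probing first over the same SSH session, for example with `selinuxenabled`, and skipping quietly when SELinux is off would leave the warning meaningful; this assumes `utils.exec_ssh_cmd` raises `CoriolisException` on a non-zero exit, which the hunk does not show. A label set with `chcon` is also dropped by a filesystem relabel or `restorecon`, so on a long-lived worker `semanage fcontext -a -t bin_t` followed by `restorecon` is the persistent form; if the transient label is intentional, a comment saying so would help. `LOG.warn` is a deprecated alias and should be `LOG.warning(`, and the new method has no docstring explaining why `bin_t` is required.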