From f5ded2e76ff777a9602fbe116ea9f12d0cc30c88 Mon Sep 17 00:00:00 2001
From: Jiri Hnidek
Date: Fri, 18 Oct 2024 12:24:42 +0200
Subject: [PATCH] fix: Create consumer cert & key, when chown failed

* When it wasn't possible to change group of consumer key.pem, due to missing SELinux rule, then consumer cert.pem was not created. rhsm.service should write only error log message to rhsm.log in this case
---
 src/subscription_manager/identity.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/subscription_manager/identity.py b/src/subscription_manager/identity.py
index 7b59dc6bbf..ce6da30032 100644
--- a/src/subscription_manager/identity.py
+++ b/src/subscription_manager/identity.py
@@ -127,7 +127,13 @@ def write(self) -> None:

 # Set proper access permission to the key
 if os.getuid() == 0 and rhsm_group is not None:
- os.chown(self.keypath(), 0, rhsm_group.gr_gid)
+ # Changing of owner can fail due to e.g. SELinux. When this
+ # operation fails, then we should only write error message,
+ # and we should create consumer cert.pem too
+ try:
+ os.chown(self.keypath(), 0, rhsm_group.gr_gid)
+ except OSError as err:
+ log.error(f"Unable to chown permissions of {self.keypath()}: {err}")
 os.chmod(self.keypath(), managerlib.ID_CERT_PERMS)

 with open(self.certpath(), "w") as cert_file:
@@ -135,7 +141,10 @@ def write(self) -> None:

 # Set proper permission to consumer certificate
 if os.getuid() == 0 and rhsm_group is not None:
- os.chown(self.certpath(), 0, rhsm_group.gr_gid)
+ try:
+ os.chown(self.certpath(), 0, rhsm_group.gr_gid)
+ except OSError as err:
+ log.error(f"Unable to chown permissions of {self.certpath()}: {err}")
 os.chmod(self.certpath(), managerlib.ID_CERT_PERMS)

 def delete(self) -> None:
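Review bot: Both new `except OSError` handlers (around `os.chown(self.keypath(), ...)` in the first hunk and `os.chown(self.certpath(), ...)` in the second) swallow every OS error, not only the SELinux denial named in the commit message, so a missing file, read-only filesystem or I/O error is also reduced to a log line while `write()` returns normally. A denied chown surfaces as `PermissionError` (EPERM/EACCES), so `except PermissionError as err:` would keep the intended fallback and let unrelated failures propagate. After a swallowed failure the following `os.chmod(..., managerlib.ID_CERT_PERMS)` still runs on a file that keeps whatever group it already had; the value of `ID_CERT_PERMS` and the creation of key.pem are outside these hunks, so it is worth confirming those mode bits are acceptable for the private key when the group is not `rhsm_group`. The log text `Unable to chown permissions of` would read more clearly as `Unable to change owner/group of`, which also makes the event easier to match in rhsm.log.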