1a48e76
Index: cloud-init-fedora/cloudinit/CloudConfig/cc_puppet.py
4907847
===================================================================
1a48e76
--- cloud-init-fedora.orig/cloudinit/CloudConfig/cc_puppet.py
1a48e76
+++ cloud-init-fedora/cloudinit/CloudConfig/cc_puppet.py
1a48e76
@@ -22,6 +22,7 @@ import subprocess
1a48e76
 import StringIO
1a48e76
 import ConfigParser
1a48e76
 import cloudinit.CloudConfig as cc
1a48e76
+import cloudinit.util as util
1a48e76
 
1a48e76
 def handle(name,cfg,cloud,log,args):
1a48e76
     # If there isn't a puppet key in the configuration don't do anything
1a48e76
@@ -58,6 +59,7 @@ def handle(name,cfg,cloud,log,args):
1a48e76
                 ca_fh.close()
1a48e76
                 os.chown('/var/lib/puppet/ssl/certs/ca.pem',
1a48e76
                          pwd.getpwnam('puppet').pw_uid, 0)
1a48e76
+                util.restorecon_if_possible('/var/lib/puppet', recursive=True)
1a48e76
             else:
1a48e76
                 #puppet_conf_fh.write("\n[%s]\n" % (cfg_name))
1a48e76
                 # If puppet.conf already has this section we don't want to write it again
1a48e76
@@ -81,6 +83,7 @@ def handle(name,cfg,cloud,log,args):
1a48e76
             os.rename('/etc/puppet/puppet.conf','/etc/puppet/puppet.conf.old')
1a48e76
             with open('/etc/puppet/puppet.conf', 'wb') as configfile:
1a48e76
                 puppet_config.write(configfile)
1a48e76
+            util.restorecon_if_possible('/etc/puppet/puppet.conf')
1a48e76
     # Set puppet default file to automatically start
1a48e76
     subprocess.check_call(['sed', '-i',
1a48e76
                            '-e', 's/^START=.*/START=yes/',
1a48e76
Index: cloud-init-fedora/cloudinit/CloudConfig/cc_ssh.py
1a48e76
===================================================================
1a48e76
--- cloud-init-fedora.orig/cloudinit/CloudConfig/cc_ssh.py
1a48e76
+++ cloud-init-fedora/cloudinit/CloudConfig/cc_ssh.py
1a48e76
@@ -66,6 +66,8 @@ def handle(name,cfg,cloud,log,args):
1a48e76
         genkeys+='ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -t ecdsa -N ""; '
1a48e76
         subprocess.call(('sh', '-c', "{ %s } 
1a48e76
 
1a48e76
+    util.restorecon_if_possible('/etc/ssh', recursive=True)
1a48e76
+
1a48e76
     try:
1a48e76
         user = util.get_cfg_option_str(cfg,'user')
1a48e76
         disable_root = util.get_cfg_option_bool(cfg, "disable_root", True)
1a48e76
Index: cloud-init-fedora/cloudinit/SshUtil.py
1a48e76
===================================================================
1a48e76
--- cloud-init-fedora.orig/cloudinit/SshUtil.py
1a48e76
+++ cloud-init-fedora/cloudinit/SshUtil.py
a2171c6
@@ -147,6 +147,7 @@ def setup_user_keys(keys, user, key_pref
a2171c6
     util.write_file(authorized_keys, content, 0600)
a2171c6
 
a2171c6
     os.chown(authorized_keys, pwent.pw_uid, pwent.pw_gid)
a2171c6
+    util.restorecon_if_possible(ssh_dir, recursive=True)
a2171c6
 
a2171c6
     os.umask(saved_umask)
a2171c6
 
1a48e76
Index: cloud-init-fedora/cloudinit/util.py
a2171c6
===================================================================
1a48e76
--- cloud-init-fedora.orig/cloudinit/util.py
1a48e76
+++ cloud-init-fedora/cloudinit/util.py
a2171c6
@@ -28,6 +28,12 @@ import time
a2171c6
 import traceback
a2171c6
 import re
4907847
 
4907847
+try:
4907847
+    import selinux
4907847
+    HAVE_LIBSELINUX = True
4907847
+except ImportError:
4907847
+    HAVE_LIBSELINUX = False
4907847
+
a2171c6
 def read_conf(fname):
a2171c6
     try:
a2171c6
 	    stream = open(fname,"r")
a2171c6
@@ -113,6 +119,11 @@ def write_file(file,content,mode=0644,om
a2171c6
             os.chmod(file,mode)
a2171c6
         f.write(content)
a2171c6
         f.close()
a2171c6
+        restorecon_if_possible(file)
a2171c6
+
a2171c6
+def restorecon_if_possible(path, recursive=False):
a2171c6
+    if HAVE_LIBSELINUX and selinux.is_selinux_enabled():
a2171c6
+        selinux.restorecon(path, recursive=recursive)
a2171c6
 
a2171c6
 # get keyid from keyserver
a2171c6
 def getkeybyid(keyid,keyserver):