fix: Create consumer cert & key, when chown failed

* When it wasn't possible to change group of consumer key.pem, due to missing SELinux rule, then consumer cert.pem was not created. rhsm.service should write only error log message to rhsm.log in this case
candlepin · Oct 18, 2024 · f5ded2e · f5ded2e
1 parent b568393
commit f5ded2e
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/src/subscription_manager/identity.py b/src/subscription_manager/identity.py
@@ -127,15 +127,24 @@ def write(self) -> None:
 
         # Set proper access permission to the key
         if os.getuid() == 0 and rhsm_group is not None:
-            os.chown(self.keypath(), 0, rhsm_group.gr_gid)
+            # Changing of owner can fail due to e.g. SELinux. When this
+            # operation fails, then we should only write error message,
+            # and we should create consumer cert.pem too
+            try:
+                os.chown(self.keypath(), 0, rhsm_group.gr_gid)
+            except OSError as err:
+                log.error(f"Unable to chown permissions of {self.keypath()}: {err}")
         os.chmod(self.keypath(), managerlib.ID_CERT_PERMS)
 
         with open(self.certpath(), "w") as cert_file:
             cert_file.write(self.cert)
 
         # Set proper permission to consumer certificate
         if os.getuid() == 0 and rhsm_group is not None:
-            os.chown(self.certpath(), 0, rhsm_group.gr_gid)
+            try:
+                os.chown(self.certpath(), 0, rhsm_group.gr_gid)
+            except OSError as err:
+                log.error(f"Unable to chown permissions of {self.certpath()}: {err}")
         os.chmod(self.certpath(), managerlib.ID_CERT_PERMS)
 
     def delete(self) -> None: