(#17488) Handle SELinux errors gracefully
Without this patch applied the SELinux support in Puppet does not
gracefully handle errors when running unprivileged. This is a problem
because puppet --noop is often run as a normal user.
This patch addresses the problem by catching exceptions raised for no
such file or directory and permission denied errors. Puppet issues a
warning when these exceptions are handled.
The behavior without this patch applied is:
[jeff@pe-centos6 ~]$ puppet apply --noop --execute "file { '/root/chuj': ensure => absent; }" Permission denied - /root/chuj
Which causes Puppet to prematurely abort. With this patch applied,
Puppet finishes the catalog run and issues a warning to the user:
[jeff@pe-centos6 ~]$ puppet apply --noop --execute "file { '/root/chuj': ensure => present; }" Warning: /File[/root/chuj]/seluser: Could not stat; Permission denied - /root/chuj Warning: /File[/root/chuj]/selrole: Could not stat; Permission denied - /root/chuj Warning: /File[/root/chuj]/seltype: Could not stat; Permission denied - /root/chuj Warning: /File[/root/chuj]/selrange: Could not stat; Permission denied - /root/chuj Warning: /File[/root/chuj]: Could not stat; permission denied /File[/root/chuj]/ensure: current_value absent, should be present (noop) Class[Main]: Would have triggered 'refresh' from 1 events Stage[main]: Would have triggered 'refresh' from 1 events Finished catalog run in 0.04 seconds