(#17488) Handle SELinux errors gracefully
Without this patch applied the SELinux support in Puppet does not
gracefully handle errors when running unprivileged. This is a problem
because puppet --noop is often run as a normal user.
This patch addresses the problem by catching exceptions raised for no
such file or directory and permission denied errors. Puppet issues a
warning when these exceptions are handled.
The behavior without this patch applied is:
[jeff@pe-centos6 ~]$ puppet apply --noop --execute "file { '/root/chuj': ensure => absent; }"
Permission denied - /root/chujWhich causes Puppet to prematurely abort. With this patch applied,
Puppet finishes the catalog run and issues a warning to the user:
[jeff@pe-centos6 ~]$ puppet apply --noop --execute "file { '/root/chuj': ensure => present; }"
Warning: /File[/root/chuj]/seluser: Could not stat; Permission denied - /root/chuj
Warning: /File[/root/chuj]/selrole: Could not stat; Permission denied - /root/chuj
Warning: /File[/root/chuj]/seltype: Could not stat; Permission denied - /root/chuj
Warning: /File[/root/chuj]/selrange: Could not stat; Permission denied - /root/chuj
Warning: /File[/root/chuj]: Could not stat; permission denied
/File[/root/chuj]/ensure: current_value absent, should be present (noop)
Class[Main]: Would have triggered 'refresh' from 1 events
Stage[main]: Would have triggered 'refresh' from 1 events
Finished catalog run in 0.04 seconds