Fixed SELinux context on apachectl after template repair

Tiket: ENT-13638
Signed-off-by: Ihor Aleksandrychiev <[email protected]>

Author: aleksandrychev

cfe_internal/enterprise/mission_portal.cf

@@ -175,20 +175,28 @@ bundle agent apachectl_patched_for_upgrade
         edit_template => "$(this.promise_dirname)/templates/apachectl.mustache",
         handle => "apachectl_content_pre_create_default_templated_files",
         template_method => "mustache",
-        template_data => parsejson( '{ "cfengine_enterprise_mission_portal_httpd_dir": "$(sys.workdir)/httpd" }');
+        template_data => parsejson( '{ "cfengine_enterprise_mission_portal_httpd_dir": "$(sys.workdir)/httpd" }'),
+        classes => results("bundle", "apachectl_file");
 
     _running_cfengine_version_where_templated_files_NOT_automatically_created::
       "$(sys.workdir)/httpd/bin/apachectl"
         create => "true",
         edit_template => "$(this.promise_dirname)/templates/apachectl.mustache",
         handle => "apachectl_content_post_create_default_templated_files",
         template_method => "mustache",
-        template_data => parsejson( '{ "cfengine_enterprise_mission_portal_httpd_dir": "$(sys.workdir)/httpd" }');
+        template_data => parsejson( '{ "cfengine_enterprise_mission_portal_httpd_dir": "$(sys.workdir)/httpd" }'),
+        classes => results("bundle", "apachectl_file");
 
     cfengine::
       "$(sys.workdir)/httpd/bin/apachectl"
         handle => "apachectl_perms",
         perms => mog( "0755", "root", "root" );
+
+  commands:
+      # This only runs if apachectl touched (repaired) and restorecon path exists
+      apachectl_file_repaired.default:_stdlib_path_exists_restorecon::
+        "$(default:paths.restorecon) -v $(sys.workdir)/httpd/bin/apachectl"
+          comment => "Ensure the templated apachectl has the correct SELinux context.";
 }
 
 bundle agent cfe_internal_enterprise_mission_portal_apache