Bug: Apply SELinux context after binary replacement (#1678)

- Move SELinux context handling to internal/ghupdate for reuse - Make chcon a true fallback (only runs if semanage/restorecon unavailable) - Handle existing semanage rules with -m (modify) after -a (add) fails - Apply SELinux handling to both agent and hub updates - Add tests with proper skip behavior for SELinux systems --------- Co-authored-by: henrygd <hank@henrygd.me>
2026-03-22 05:36:15 +01:00 · 2026-01-27 23:39:17 +01:00
parent afcae025ae
commit 42da1e5a52
4 changed files with 127 additions and 43 deletions
--- a/internal/hub/update.go
+++ b/internal/hub/update.go
@@ -45,6 +45,11 @@ func Update(cmd *cobra.Command, _ []string) {
 		fmt.Printf("Warning: failed to set executable permissions: %v\n", err)
 	}

+	// Fix SELinux context if necessary
+	if err := ghupdate.HandleSELinuxContext(exePath); err != nil {
+		ghupdate.ColorPrintf(ghupdate.ColorYellow, "Warning: SELinux context handling: %v", err)
+	}
+
 	// Try to restart the service if it's running
 	restartService()
 }