From a2171c6d7bc909095ff772ff8dd007166407b8d5 Mon Sep 17 00:00:00 2001
From: Garrett Holmstrom
Date: Wed, 28 Sep 2011 15:46:10 -0700
Subject: [PATCH] Consolidate selinux file context patches
---
 cloud-init-0.6.2-filecontext.patch | 69 ++++++++++++++++++++++++
 cloud-init-0.6.2-puppetcontext.patch | 35 ------------
 cloud-init-0.6.2-puppetenable.patch | 6 +--
 cloud-init-0.6.2-runparts-emptydir.patch | 2 +-
 cloud-init-0.6.2-sshcontext.patch | 26 ---------
 cloud-init-0.6.2-sshkeytypes.patch | 2 +-
 cloud-init.spec | 12 ++---
 7 files changed, 80 insertions(+), 72 deletions(-)
 create mode 100644 cloud-init-0.6.2-filecontext.patch
 delete mode 100644 cloud-init-0.6.2-puppetcontext.patch
 delete mode 100644 cloud-init-0.6.2-sshcontext.patch
diff --git a/cloud-init-0.6.2-filecontext.patch b/cloud-init-0.6.2-filecontext.patch
new file mode 100644
index 0000000..42fe8c8
--- /dev/null
+++ b/cloud-init-0.6.2-filecontext.patch
@@ -0,0 +1,69 @@ +Index: cloud-init/cloudinit/SshUtil.py +=================================================================== +--- cloud-init.orig/cloudinit/SshUtil.py ++++ cloud-init/cloudinit/SshUtil.py +@@ -147,6 +147,7 @@ def setup_user_keys(keys, user, key_pref + util.write_file(authorized_keys, content, 0600) + + os.chown(authorized_keys, pwent.pw_uid, pwent.pw_gid) ++ util.restorecon_if_possible(ssh_dir, recursive=True) + + os.umask(saved_umask) + +Index: cloud-init/cloudinit/util.py +=================================================================== +--- cloud-init.orig/cloudinit/util.py ++++ cloud-init/cloudinit/util.py +@@ -28,6 +28,12 @@ import time + import traceback + import re + ++try: ++ import selinux ++ HAVE_LIBSELINUX = True ++except ImportError: ++ HAVE_LIBSELINUX = False ++ + def read_conf(fname): + try: + stream = open(fname,"r") +@@ -113,6 +119,11 @@ def write_file(file,content,mode=0644,om + os.chmod(file,mode) + f.write(content) + f.close() ++ restorecon_if_possible(file) ++ ++def restorecon_if_possible(path, recursive=False): ++ if HAVE_LIBSELINUX and selinux.is_selinux_enabled(): ++ selinux.restorecon(path, recursive=recursive) + + # get keyid from keyserver + def getkeybyid(keyid,keyserver): +Index: cloud-init/cloudinit/CloudConfig/cc_puppet.py +=================================================================== +--- cloud-init.orig/cloudinit/CloudConfig/cc_puppet.py ++++ cloud-init/cloudinit/CloudConfig/cc_puppet.py +@@ -22,6 +22,7 @@ import subprocess + import StringIO + import ConfigParser + import cloudinit.CloudConfig as cc ++import cloudinit.util as util + + def handle(name,cfg,cloud,log,args): + # If there isn't a puppet key in the configuration don't do anything +@@ -58,6 +59,7 @@ def handle(name,cfg,cloud,log,args): + ca_fh.close() + os.chown('/var/lib/puppet/ssl/certs/ca.pem', + pwd.getpwnam('puppet').pw_uid, 0) ++ util.restorecon_if_possible('/var/lib/puppet', recursive=True) + else: + #puppet_conf_fh.write("\n[%s]\n" % 
(cfg_name)) + # If puppet.conf already has this section we don't want to write it again +@@ -81,6 +83,7 @@ def handle(name,cfg,cloud,log,args): + os.rename('/etc/puppet/puppet.conf','/etc/puppet/puppet.conf.old') + with open('/etc/puppet/puppet.conf', 'wb') as configfile: + puppet_config.write(configfile) ++ util.restorecon_if_possible('/etc/puppet/puppet.conf') + # Set puppet default file to automatically start + subprocess.check_call(['sed', '-i', + '-e', 's/^START=.*/START=yes/', diff --git a/cloud-init-0.6.2-puppetcontext.patch b/cloud-init-0.6.2-puppetcontext.patch deleted file mode 100644 index 8af8bc0..0000000 --- a/cloud-init-0.6.2-puppetcontext.patch +++ /dev/null 
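Review bot: `restorecon_if_possible()` in the util.py part of this new patch calls `selinux.restorecon()` unguarded, and `write_file()` now runs it after every write, so a relabel failure would surface as an exception from `write_file()` once the content is already on disk. As far as I know the libselinux Python binding raises `OSError` when the path cannot be stat'ed or relabelled, so this looks reachable rather than theoretical. In `setup_user_keys()` the new call also sits before `os.umask(saved_umask)`; unless code outside the hunk handles it, an exception there would leave the process umask changed for the rest of the run. I would make the helper explicitly best-effort by wrapping the call in `try:` / `except OSError as e:` with a warning that names `path`, and give it a one-line docstring such as `"""Reset path to its policy-default SELinux context; no-op without libselinux or when SELinux is disabled."""`. The bodies of `write_file()`, `setup_user_keys()` and `handle()` all continue outside the hunks shown, so existing error handling there may already cover part of this.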
@@ -1,35 +0,0 @@ -Index: cloud-init/cloudinit/CloudConfig/cc_puppet.py -=================================================================== ---- cloud-init.orig/cloudinit/CloudConfig/cc_puppet.py -+++ cloud-init/cloudinit/CloudConfig/cc_puppet.py -@@ -23,6 +23,12 @@ import StringIO - import ConfigParser - import cloudinit.CloudConfig as cc - -+try: -+ import selinux -+ HAVE_LIBSELINUX = True -+except ImportError: -+ HAVE_LIBSELINUX = False -+ - def handle(name,cfg,cloud,log,args): - # If there isn't a puppet key in the configuration don't do anything - if not cfg.has_key('puppet'): return -@@ -58,6 +64,8 @@ def handle(name,cfg,cloud,log,args): - ca_fh.close() - os.chown('/var/lib/puppet/ssl/certs/ca.pem', - pwd.getpwnam('puppet').pw_uid, 0) -+ if HAVE_LIBSELINUX and selinux.is_selinux_enabled(): -+ selinux.restorecon('/var/lib/puppet', recursive=True) - else: - #puppet_conf_fh.write("\n[%s]\n" % (cfg_name)) - # If puppet.conf already has this section we don't want to write it again -@@ -81,6 +89,8 @@ def handle(name,cfg,cloud,log,args): - os.rename('/etc/puppet/puppet.conf','/etc/puppet/puppet.conf.old') - with open('/etc/puppet/puppet.conf', 'wb') as configfile: - puppet_config.write(configfile) -+ if HAVE_LIBSELINUX and selinux.is_selinux_enabled(): -+ selinux.restorecon('/etc/puppet/puppet.conf') - # Set puppet default file to automatically start - subprocess.check_call(['sed', '-i', - '-e', 's/^START=.*/START=yes/', diff --git a/cloud-init-0.6.2-puppetenable.patch b/cloud-init-0.6.2-puppetenable.patch index 0c39b69..655d71a 100644 --- a/cloud-init-0.6.2-puppetenable.patch +++ b/cloud-init-0.6.2-puppetenable.patch 
@@ -10,10 +10,10 @@ Index: cloud-init/cloudinit/CloudConfig/cc_puppet.py import pwd import socket import subprocess -@@ -91,10 +92,15 @@ def handle(name,cfg,cloud,log,args): +@@ -84,10 +85,15 @@ def handle(name,cfg,cloud,log,args): + with open('/etc/puppet/puppet.conf', 'wb') as configfile: puppet_config.write(configfile) - if HAVE_LIBSELINUX and selinux.is_selinux_enabled(): - selinux.restorecon('/etc/puppet/puppet.conf') + util.restorecon_if_possible('/etc/puppet/puppet.conf') - # Set puppet default file to automatically start - subprocess.check_call(['sed', '-i', - '-e', 's/^START=.*/START=yes/', diff --git a/cloud-init-0.6.2-runparts-emptydir.patch b/cloud-init-0.6.2-runparts-emptydir.patch index a6cf795..97eada3 100644 --- a/cloud-init-0.6.2-runparts-emptydir.patch +++ b/cloud-init-0.6.2-runparts-emptydir.patch @@ -2,7 +2,7 @@ Index: cloud-init/cloudinit/util.py =================================================================== --- cloud-init.orig/cloudinit/util.py +++ cloud-init/cloudinit/util.py -@@ -133,7 +133,8 @@ def getkeybyid(keyid,keyserver): +@@ -145,7 +145,8 @@ def getkeybyid(keyid,keyserver): def runparts(dirp, skip_no_exist=True): if skip_no_exist and not os.path.isdir(dirp): return diff --git a/cloud-init-0.6.2-sshcontext.patch b/cloud-init-0.6.2-sshcontext.patch deleted file mode 100644 index d6c454e..0000000 --- a/cloud-init-0.6.2-sshcontext.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -Index: cloud-init/cloudinit/SshUtil.py -=================================================================== ---- cloud-init.orig/cloudinit/SshUtil.py -+++ cloud-init/cloudinit/SshUtil.py -@@ -4,6 +4,12 @@ import os - import os.path - import cloudinit.util as util - -+try: -+ import selinux -+ HAVE_LIBSELINUX = True -+except ImportError: -+ HAVE_LIBSELINUX = False -+ - class AuthKeyEntry(): - # lines are options, keytype, base64-encoded key, comment - # man page says the following which I did not understand: -@@ -147,6 +153,8 @@ def setup_user_keys(keys, user, key_pref - util.write_file(authorized_keys, content, 0600) - - os.chown(authorized_keys, pwent.pw_uid, pwent.pw_gid) -+ if HAVE_LIBSELINUX and selinux.is_selinux_enabled(): -+ selinux.restorecon(ssh_dir, recursive=True) - - os.umask(saved_umask) - diff --git a/cloud-init-0.6.2-sshkeytypes.patch b/cloud-init-0.6.2-sshkeytypes.patch index d3eaadc..f2abe09 100644 --- a/cloud-init-0.6.2-sshkeytypes.patch +++ b/cloud-init-0.6.2-sshkeytypes.patch @@ -21,7 +21,7 @@ Index: cloud-init/cloudinit/util.py =================================================================== --- cloud-init.orig/cloudinit/util.py +++ cloud-init/cloudinit/util.py -@@ -77,6 +77,7 @@ def get_cfg_option_str(yobj, key, defaul +@@ -84,6 +84,7 @@ def get_cfg_option_str(yobj, key, defaul def get_cfg_option_list_or_str(yobj, key, default=None): if not yobj.has_key(key): return default diff --git a/cloud-init.spec b/cloud-init.spec index c8c3e44..4ffd553 100644 --- a/cloud-init.spec +++ b/cloud-init.spec @@ -2,7 +2,7 @@ Name: cloud-init Version: 0.6.2 -Release: 0.5.bzr457%{?dist} +Release: 0.6.bzr457%{?dist} Summary: Cloud instance init scripts Group: System Environment/Base 
@@ -19,14 +19,12 @@ Patch0: cloud-init-0.6.2-fedora.patch # Add systemd support (not yet upstream) Patch2: cloud-init-0.6.2-systemd.patch -# Restore SSH files' selinux contexts (not yet upstream) -Patch3: cloud-init-0.6.2-sshcontext.patch +# Restore created files' selinux contexts (not yet upstream) +Patch3: cloud-init-0.6.2-filecontext.patch # Make locale file location configurable (not yet upstream) Patch4: cloud-init-0.6.2-localefile.patch # Write timezone data to /etc/sysconfig/clock (not yet upstream) Patch5: cloud-init-0.6.2-tzsysconfig.patch -# Restore puppet files' selinux contexts (not yet upstream) -Patch6: cloud-init-0.6.2-puppetcontext.patch # Make enabling the puppet service work on Fedora (not yet upstream) Patch7: cloud-init-0.6.2-puppetenable.patch # Make the types of SSH keys to generate configurable (not yet upstream) @@ -70,7 +68,6 @@ ssh keys and to let the user run various scripts. %patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -p1 %patch7 -p1 %patch8 -p1 %patch10 -p1 @@ -155,6 +152,9 @@ fi %changelog +* Wed Sep 28 2011 Garrett Holmstrom - 0.6.2-0.6.bzr457 +- Consolidated selinux file context patches + * Sat Sep 24 2011 Garrett Holmstrom - 0.6.2-0.5.bzr457 - Rebased against upstream rev 457 - Added missing dependencies