rpms/cloud-init
6
1
Fork 1
Code Issues Pull Requests Releases Activity

Consolidate selinux file context patches

Browse Source
This commit is contained in:
Garrett Holmstrom 2011-09-28 15:46:10 -07:00
parent ae2090cde8
commit a2171c6d7b
7 changed files with 80 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
cloud-init-0.6.2-filecontext.patch Normal file
View File

@ -0,0 +1,69 @@
Index: cloud-init/cloudinit/SshUtil.py
===================================================================
--- cloud-init.orig/cloudinit/SshUtil.py
+++ cloud-init/cloudinit/SshUtil.py
@@ -147,6 +147,7 @@ def setup_user_keys(keys, user, key_pref
util.write_file(authorized_keys, content, 0600)
os.chown(authorized_keys, pwent.pw_uid, pwent.pw_gid)
+ util.restorecon_if_possible(ssh_dir, recursive=True)
os.umask(saved_umask)
Index: cloud-init/cloudinit/util.py
===================================================================
--- cloud-init.orig/cloudinit/util.py
+++ cloud-init/cloudinit/util.py
@@ -28,6 +28,12 @@ import time
import traceback
import re
+try:
+ import selinux
+ HAVE_LIBSELINUX = True
+except ImportError:
+ HAVE_LIBSELINUX = False
+
def read_conf(fname):
try:
stream = open(fname,"r")
@@ -113,6 +119,11 @@ def write_file(file,content,mode=0644,om
os.chmod(file,mode)
f.write(content)
f.close()
+ restorecon_if_possible(file)
+
+def restorecon_if_possible(path, recursive=False):
+ if HAVE_LIBSELINUX and selinux.is_selinux_enabled():
+ selinux.restorecon(path, recursive=recursive)
# get keyid from keyserver
def getkeybyid(keyid,keyserver):
Index: cloud-init/cloudinit/CloudConfig/cc_puppet.py
===================================================================
--- cloud-init.orig/cloudinit/CloudConfig/cc_puppet.py
+++ cloud-init/cloudinit/CloudConfig/cc_puppet.py
@@ -22,6 +22,7 @@ import subprocess
import StringIO
import ConfigParser
import cloudinit.CloudConfig as cc
+import cloudinit.util as util
def handle(name,cfg,cloud,log,args):
# If there isn't a puppet key in the configuration don't do anything
@@ -58,6 +59,7 @@ def handle(name,cfg,cloud,log,args):
ca_fh.close()
os.chown('/var/lib/puppet/ssl/certs/ca.pem',
pwd.getpwnam('puppet').pw_uid, 0)
+ util.restorecon_if_possible('/var/lib/puppet', recursive=True)
else:
#puppet_conf_fh.write("\n[%s]\n" % (cfg_name))
# If puppet.conf already has this section we don't want to write it again
@@ -81,6 +83,7 @@ def handle(name,cfg,cloud,log,args):
os.rename('/etc/puppet/puppet.conf','/etc/puppet/puppet.conf.old')
with open('/etc/puppet/puppet.conf', 'wb') as configfile:
puppet_config.write(configfile)
+ util.restorecon_if_possible('/etc/puppet/puppet.conf')
# Set puppet default file to automatically start
subprocess.check_call(['sed', '-i',
'-e', 's/^START=.*/START=yes/',

35
cloud-init-0.6.2-puppetcontext.patch
View File

@ -1,35 +0,0 @@
Index: cloud-init/cloudinit/CloudConfig/cc_puppet.py
===================================================================
--- cloud-init.orig/cloudinit/CloudConfig/cc_puppet.py
+++ cloud-init/cloudinit/CloudConfig/cc_puppet.py
@@ -23,6 +23,12 @@ import StringIO
import ConfigParser
import cloudinit.CloudConfig as cc
+try:
+ import selinux
+ HAVE_LIBSELINUX = True
+except ImportError:
+ HAVE_LIBSELINUX = False
+
def handle(name,cfg,cloud,log,args):
# If there isn't a puppet key in the configuration don't do anything
if not cfg.has_key('puppet'): return
@@ -58,6 +64,8 @@ def handle(name,cfg,cloud,log,args):
ca_fh.close()
os.chown('/var/lib/puppet/ssl/certs/ca.pem',
pwd.getpwnam('puppet').pw_uid, 0)
+ if HAVE_LIBSELINUX and selinux.is_selinux_enabled():
+ selinux.restorecon('/var/lib/puppet', recursive=True)
else:
#puppet_conf_fh.write("\n[%s]\n" % (cfg_name))
# If puppet.conf already has this section we don't want to write it again
@@ -81,6 +89,8 @@ def handle(name,cfg,cloud,log,args):
os.rename('/etc/puppet/puppet.conf','/etc/puppet/puppet.conf.old')
with open('/etc/puppet/puppet.conf', 'wb') as configfile:
puppet_config.write(configfile)
+ if HAVE_LIBSELINUX and selinux.is_selinux_enabled():
+ selinux.restorecon('/etc/puppet/puppet.conf')
# Set puppet default file to automatically start
subprocess.check_call(['sed', '-i',
'-e', 's/^START=.*/START=yes/',

6
cloud-init-0.6.2-puppetenable.patch
View File

@ -10,10 +10,10 @@ Index: cloud-init/cloudinit/CloudConfig/cc_puppet.py
import pwd import pwd
import socket import socket
import subprocess import subprocess
@@ -91,10 +92,15 @@ def handle(name,cfg,cloud,log,args): @@ -84,10 +85,15 @@ def handle(name,cfg,cloud,log,args):
with open('/etc/puppet/puppet.conf', 'wb') as configfile:
puppet_config.write(configfile) puppet_config.write(configfile)
if HAVE_LIBSELINUX and selinux.is_selinux_enabled(): util.restorecon_if_possible('/etc/puppet/puppet.conf')
selinux.restorecon('/etc/puppet/puppet.conf')
- # Set puppet default file to automatically start - # Set puppet default file to automatically start
- subprocess.check_call(['sed', '-i', - subprocess.check_call(['sed', '-i',
- '-e', 's/^START=.*/START=yes/', - '-e', 's/^START=.*/START=yes/',

2
cloud-init-0.6.2-runparts-emptydir.patch
View File

@ -2,7 +2,7 @@ Index: cloud-init/cloudinit/util.py
=================================================================== ===================================================================
--- cloud-init.orig/cloudinit/util.py --- cloud-init.orig/cloudinit/util.py
+++ cloud-init/cloudinit/util.py +++ cloud-init/cloudinit/util.py
@@ -133,7 +133,8 @@ def getkeybyid(keyid,keyserver): @@ -145,7 +145,8 @@ def getkeybyid(keyid,keyserver):
def runparts(dirp, skip_no_exist=True): def runparts(dirp, skip_no_exist=True):
if skip_no_exist and not os.path.isdir(dirp): return if skip_no_exist and not os.path.isdir(dirp): return

26
cloud-init-0.6.2-sshcontext.patch
View File

@ -1,26 +0,0 @@
Index: cloud-init/cloudinit/SshUtil.py
===================================================================
--- cloud-init.orig/cloudinit/SshUtil.py
+++ cloud-init/cloudinit/SshUtil.py
@@ -4,6 +4,12 @@ import os
import os.path
import cloudinit.util as util
+try:
+ import selinux
+ HAVE_LIBSELINUX = True
+except ImportError:
+ HAVE_LIBSELINUX = False
+
class AuthKeyEntry():
# lines are options, keytype, base64-encoded key, comment
# man page says the following which I did not understand:
@@ -147,6 +153,8 @@ def setup_user_keys(keys, user, key_pref
util.write_file(authorized_keys, content, 0600)
os.chown(authorized_keys, pwent.pw_uid, pwent.pw_gid)
+ if HAVE_LIBSELINUX and selinux.is_selinux_enabled():
+ selinux.restorecon(ssh_dir, recursive=True)
os.umask(saved_umask)

2
cloud-init-0.6.2-sshkeytypes.patch
View File

@ -21,7 +21,7 @@ Index: cloud-init/cloudinit/util.py
=================================================================== ===================================================================
--- cloud-init.orig/cloudinit/util.py --- cloud-init.orig/cloudinit/util.py
+++ cloud-init/cloudinit/util.py +++ cloud-init/cloudinit/util.py
@@ -77,6 +77,7 @@ def get_cfg_option_str(yobj, key, defaul @@ -84,6 +84,7 @@ def get_cfg_option_str(yobj, key, defaul
def get_cfg_option_list_or_str(yobj, key, default=None): def get_cfg_option_list_or_str(yobj, key, default=None):
if not yobj.has_key(key): return default if not yobj.has_key(key): return default

12
cloud-init.spec
View File

@ -2,7 +2,7 @@
Name: cloud-init Name: cloud-init
Version: 0.6.2 Version: 0.6.2
Release: 0.5.bzr457%{?dist} Release: 0.6.bzr457%{?dist}
Summary: Cloud instance init scripts Summary: Cloud instance init scripts
Group: System Environment/Base Group: System Environment/Base
@ -19,14 +19,12 @@ Patch0: cloud-init-0.6.2-fedora.patch
# Add systemd support (not yet upstream) # Add systemd support (not yet upstream)
Patch2: cloud-init-0.6.2-systemd.patch Patch2: cloud-init-0.6.2-systemd.patch
# Restore SSH files' selinux contexts (not yet upstream) # Restore created files' selinux contexts (not yet upstream)
Patch3: cloud-init-0.6.2-sshcontext.patch Patch3: cloud-init-0.6.2-filecontext.patch
# Make locale file location configurable (not yet upstream) # Make locale file location configurable (not yet upstream)
Patch4: cloud-init-0.6.2-localefile.patch Patch4: cloud-init-0.6.2-localefile.patch
# Write timezone data to /etc/sysconfig/clock (not yet upstream) # Write timezone data to /etc/sysconfig/clock (not yet upstream)
Patch5: cloud-init-0.6.2-tzsysconfig.patch Patch5: cloud-init-0.6.2-tzsysconfig.patch
# Restore puppet files' selinux contexts (not yet upstream)
Patch6: cloud-init-0.6.2-puppetcontext.patch
# Make enabling the puppet service work on Fedora (not yet upstream) # Make enabling the puppet service work on Fedora (not yet upstream)
Patch7: cloud-init-0.6.2-puppetenable.patch Patch7: cloud-init-0.6.2-puppetenable.patch
# Make the types of SSH keys to generate configurable (not yet upstream) # Make the types of SSH keys to generate configurable (not yet upstream)
@ -70,7 +68,6 @@ ssh keys and to let the user run various scripts.
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1 %patch8 -p1
%patch10 -p1 %patch10 -p1
@ -155,6 +152,9 @@ fi
%changelog %changelog
* Wed Sep 28 2011 Garrett Holmstrom <gholms@fedoraproject.org> - 0.6.2-0.6.bzr457
- Consolidated selinux file context patches
* Sat Sep 24 2011 Garrett Holmstrom <gholms@fedoraproject.org> - 0.6.2-0.5.bzr457 * Sat Sep 24 2011 Garrett Holmstrom <gholms@fedoraproject.org> - 0.6.2-0.5.bzr457
- Rebased against upstream rev 457 - Rebased against upstream rev 457
- Added missing dependencies - Added missing dependencies