def _setup_selinux_for_keys(fs, sshdir):
    """Make SELinux guests relabel the injected ssh key directory.

    Does nothing unless the image has an ``etc/selinux`` entry.  Otherwise
    a ``restorecon -RF <sshdir>`` line is appended to the guest's rc.local
    (``etc/rc.local``, or ``etc/rc.d/rc.local`` when the former is absent
    and ``etc/rc.d`` exists) and that file's mode is set to 0o700.

    :param fs: image filesystem object; only ``has_file`` and
        ``set_permissions`` are called on it directly here
    :param sshdir: directory holding the injected keys; it is written
        verbatim into the generated shell line
    """
    if not fs.has_file(os.path.join("etc", "selinux")):
        return

    script_path = os.path.join('etc', 'rc.local')
    rc_dir = os.path.join('etc', 'rc.d')
    if not fs.has_file(script_path):
        if fs.has_file(rc_dir):
            script_path = os.path.join(rc_dir, 'rc.local')

    # Note some systems end rc.local with "exit 0", in which case a line
    # appended after it is never reached.  Handling that would need
    # something like:
    #  utils.execute('sed', '-i', '${/^exit 0$/d}' rclocal, run_as_root=True)

    # NOTE(review): sshdir is interpolated without shell quoting into a
    # script the guest will execute, so it must never carry shell
    # metacharacters or whitespace -- confirm every caller passes a fixed
    # path rather than anything derived from user input.
    relabel_cmd = 'restorecon -RF %s 2>/dev/null || :\n' % sshdir

    # A brand-new rc.local needs an interpreter line; an existing one is
    # only appended to.
    shebang = '' if fs.has_file(script_path) else '#!/bin/sh'
    payload = (
        shebang
        + '\n'
        + '# Added by Nova to ensure injected ssh keys have the right '
          'context\n'
        + relabel_cmd
    )

    _inject_file_into_fs(fs, script_path, payload, append=True)
    # Owner-only rwx: the script has to be executable to run at all.
    fs.set_permissions(script_path, 0o700)
def _setup_selinux_for_keys(fs, sshdir):
    """Make SELinux guests relabel the injected ssh key directory.

    Does nothing unless the image has an ``etc/selinux`` entry.  Otherwise
    a ``restorecon -RF <sshdir>`` line is appended to the guest's rc.local
    (``etc/rc.local``, or ``etc/rc.d/rc.local`` when the former is absent
    and ``etc/rc.d`` exists) and that file's mode is set to 0o700.

    :param fs: image filesystem object; only ``has_file`` and
        ``set_permissions`` are called on it directly here
    :param sshdir: directory holding the injected keys; it is written
        verbatim into the generated shell line
    """
    if not fs.has_file(os.path.join("etc", "selinux")):
        return

    script_path = os.path.join('etc', 'rc.local')
    rc_dir = os.path.join('etc', 'rc.d')
    if not fs.has_file(script_path):
        if fs.has_file(rc_dir):
            script_path = os.path.join(rc_dir, 'rc.local')

    # Note some systems end rc.local with "exit 0", in which case a line
    # appended after it is never reached.  Handling that would need
    # something like:
    #  utils.execute('sed', '-i', '${/^exit 0$/d}' rclocal, run_as_root=True)

    # NOTE(review): sshdir is interpolated without shell quoting into a
    # script the guest will execute, so it must never carry shell
    # metacharacters or whitespace -- confirm every caller passes a fixed
    # path rather than anything derived from user input.
    relabel_cmd = 'restorecon -RF %s 2>/dev/null || :\n' % sshdir

    # A brand-new rc.local needs an interpreter line; an existing one is
    # only appended to.
    shebang = '' if fs.has_file(script_path) else '#!/bin/sh'
    payload = (
        shebang
        + '\n'
        + '# Added by Nova to ensure injected ssh keys have the right '
          'context\n'
        + relabel_cmd
    )

    _inject_file_into_fs(fs, script_path, payload, append=True)
    # Owner-only rwx: the script has to be executable to run at all.
    fs.set_permissions(script_path, 0o700)
def _inject_files_into_fs(files, fs):
    """Write every ``(path, contents)`` pair into the image filesystem.

    When a file's parent directory is non-empty, is not ``/`` and does not
    exist yet, it is created, given root:root ownership and mode 0o744
    before the file itself is injected.

    :param files: iterable of ``(path, contents)`` pairs
    :param fs: image filesystem object providing ``has_file``,
        ``make_path``, ``set_ownership`` and ``set_permissions``
    """
    for target, data in files:
        # NOTE(review): target is used exactly as supplied -- this function
        # neither normalises it nor checks that it stays inside the image.
        # Presumably fs / _inject_file_into_fs enforce that; verify.
        directory = os.path.dirname(target)

        # NOTE(wangpan): Ensure the parent dir of injecting file exists
        parent_missing = (
            bool(directory)
            and directory != "/"
            and not fs.has_file(directory)
        )
        if parent_missing:
            fs.make_path(directory)
            fs.set_ownership(directory, "root", "root")
            # NOTE(review): on a directory 0o744 grants group/other read
            # without search (x); confirm this is intended rather than
            # 0o755 or 0o700.
            fs.set_permissions(directory, 0o744)

        _inject_file_into_fs(fs, target, data)
def _inject_files_into_fs(files, fs):
    """Write every ``(path, contents)`` pair into the image filesystem.

    When a file's parent directory is non-empty, is not ``/`` and does not
    exist yet, it is created, given root:root ownership and mode 0o744
    before the file itself is injected.

    :param files: iterable of ``(path, contents)`` pairs
    :param fs: image filesystem object providing ``has_file``,
        ``make_path``, ``set_ownership`` and ``set_permissions``
    """
    for target, data in files:
        # NOTE(review): target is used exactly as supplied -- this function
        # neither normalises it nor checks that it stays inside the image.
        # Presumably fs / _inject_file_into_fs enforce that; verify.
        directory = os.path.dirname(target)

        # NOTE(wangpan): Ensure the parent dir of injecting file exists
        parent_missing = (
            bool(directory)
            and directory != "/"
            and not fs.has_file(directory)
        )
        if parent_missing:
            fs.make_path(directory)
            fs.set_ownership(directory, "root", "root")
            # NOTE(review): on a directory 0o744 grants group/other read
            # without search (x); confirm this is intended rather than
            # 0o755 or 0o700.
            fs.set_permissions(directory, 0o744)

        _inject_file_into_fs(fs, target, data)