예제 #1
def _setup_selinux_for_keys(fs, sshdir):
    """Make an SELinux guest relabel the injected ssh keys via rc.local.

    Does nothing unless the guest filesystem has etc/selinux. Otherwise a
    ``restorecon -RF <sshdir>`` line is handed to _inject_file_into_fs with
    append=True for the guest's rc.local, and that file is set to 0o700.

    :param fs: guest filesystem object; has_file() and set_permissions()
               are the only methods called on it here
    :param sshdir: directory holding the injected keys, interpolated
                   verbatim into the shell line
    """
    selinux_dir = os.path.join("etc", "selinux")
    if not fs.has_file(selinux_dir):
        return

    script_path = os.path.join('etc', 'rc.local')
    rc_dir = os.path.join('etc', 'rc.d')

    # Fall back to etc/rc.d/rc.local only when etc/rc.local is absent and
    # etc/rc.d exists.
    if not fs.has_file(script_path) and fs.has_file(rc_dir):
        script_path = os.path.join(rc_dir, 'rc.local')

    # Some systems end rc.local with "exit 0"; a line appended after it is
    # never reached, so the relabel would silently not happen there. To
    # append in that case you'd need something like:
    #  utils.execute('sed', '-i', '${/^exit 0$/d}' rclocal, run_as_root=True)
    #
    # NOTE(review): sshdir goes into the shell line unquoted, so it must be
    # a trusted path without whitespace or shell metacharacters - confirm
    # against the callers.
    relabel_cmd = 'restorecon -RF %s 2>/dev/null || :\n' % sshdir
    payload = ''.join((
        '\n',
        '# Added by Nova to ensure injected ssh keys have the right context\n',
        relabel_cmd,
    ))

    # A script created from scratch needs an interpreter line; the leading
    # '\n' of the payload terminates it.
    if not fs.has_file(script_path):
        payload = '#!/bin/sh' + payload

    _inject_file_into_fs(fs, script_path, payload, append=True)
    # Owner-only rwx: executable by the owner, no access for group/other.
    fs.set_permissions(script_path, 0o700)
예제 #2
파일: api.py 프로젝트: mahak/nova
def _setup_selinux_for_keys(fs, sshdir):
    """Have SELinux guests restore the file context of injected keys.

    When the guest image contains etc/selinux, a ``restorecon -RF`` line
    for *sshdir* is passed to _inject_file_into_fs (append=True) for the
    guest's rc.local, which is then given mode 0o700. Images without
    etc/selinux are left untouched.
    """
    if not fs.has_file(os.path.join("etc", "selinux")):
        return

    rc_d = os.path.join('etc', 'rc.d')
    target = os.path.join('etc', 'rc.local')

    # Use etc/rc.d/rc.local only if etc/rc.local is missing and etc/rc.d
    # is present.
    if not fs.has_file(target) and fs.has_file(rc_d):
        target = os.path.join(rc_d, 'rc.local')

    # Note some systems end rc.local with "exit 0", in which case the
    # appended line is never executed. To append there you'd need
    # something like:
    #  utils.execute('sed', '-i', '${/^exit 0$/d}' rclocal, run_as_root=True)
    #
    # NOTE(review): sshdir is formatted into the command without shell
    # quoting; presumably callers pass a fixed, trusted path - verify.
    command = 'restorecon -RF %s 2>/dev/null || :\n' % sshdir

    # A new script gets a shebang; the '\n' entry that follows ends that line.
    script_lines = [] if fs.has_file(target) else ['#!/bin/sh']
    script_lines += [
        '\n',
        '# Added by Nova to ensure injected ssh keys have the right context\n',
        command,
    ]

    _inject_file_into_fs(fs, target, ''.join(script_lines), append=True)
    # 0o700: readable, writable and executable by the owner only.
    fs.set_permissions(target, 0o700)
예제 #3
def _inject_files_into_fs(files, fs):
    """Inject each (path, contents) pair from *files* into the guest fs.

    A missing parent directory is created first, owned by root:root with
    mode 0o744; the file itself is written by _inject_file_into_fs.

    :param files: iterable of (path, contents) pairs
    :param fs: guest filesystem object
    """
    for path, contents in files:
        parent_dir = os.path.dirname(path)

        # NOTE(wangpan): Ensure the parent dir of injecting file exists.
        # An empty dirname and "/" are never created.
        parent_missing = (bool(parent_dir) and parent_dir != "/"
                          and not fs.has_file(parent_dir))
        if parent_missing:
            fs.make_path(parent_dir)
            fs.set_ownership(parent_dir, "root", "root")
            # NOTE(review): 0o744 leaves group/other with read but no
            # search (x) bit on a directory; 0o755 or 0o700 may have been
            # intended - confirm before relying on it.
            fs.set_permissions(parent_dir, 0o744)

        # NOTE(review): path is used as given; keeping it inside the guest
        # image root is presumably enforced by fs / _inject_file_into_fs -
        # verify.
        _inject_file_into_fs(fs, path, contents)
예제 #4
파일: api.py 프로젝트: mahak/nova
def _inject_files_into_fs(files, fs):
    """Write every (path, contents) entry of *files* into the guest fs.

    Before a file is handed to _inject_file_into_fs, its parent directory
    is created if fs.has_file() reports it missing, then set to root:root
    ownership and mode 0o744.
    """
    for entry in files:
        path, contents = entry
        parent_dir = os.path.dirname(path)

        # NOTE(wangpan): Ensure the parent dir of injecting file exists
        if parent_dir and parent_dir != "/":
            if not fs.has_file(parent_dir):
                fs.make_path(parent_dir)
                fs.set_ownership(parent_dir, "root", "root")
                # NOTE(review): on a directory 0o744 grants group/other
                # read without the search bit; check whether 0o755 or
                # 0o700 was meant.
                fs.set_permissions(parent_dir, 0o744)

        # NOTE(review): no path validation happens here; presumably the
        # fs layer or _inject_file_into_fs confines path to the guest
        # image - confirm.
        _inject_file_into_fs(fs, path, contents)