authorharlowja <harlowja@virtualbox.rhel>2012-06-21 23:35:07 -0700
committerharlowja <harlowja@virtualbox.rhel>2012-06-21 23:35:07 -0700
commitba5fb03646f6318a0ace286da746b4bb32f75d5a (patch)
tree093ee35fab7f54a928aa49b48b1a8529b6ced401
parent23cf7e35bf9aa1cffc9d1bb2f20d362b57110723 (diff)
downloadvyos-cloud-init-ba5fb03646f6318a0ace286da746b4bb32f75d5a.tar.gz
vyos-cloud-init-ba5fb03646f6318a0ace286da746b4bb32f75d5a.zip
Fix up Python selinux guards: only try to restore after we check if it's useful to restore, and fix the test to work with selinux-enabled systems
-rw-r--r--cloudinit/stages.py20
-rw-r--r--cloudinit/util.py26
-rw-r--r--tests/unittests/test_util.py13
3 files changed, 35 insertions, 24 deletions
diff --git a/cloudinit/stages.py b/cloudinit/stages.py
index 25f13fd4..cf5e6924 100644
--- a/cloudinit/stages.py
+++ b/cloudinit/stages.py
@@ -221,11 +221,12 @@ class Init(object):
(cfg_list, pkg_list) = self._get_datasources()
# Deep copy so that user-data handlers can not modify
# (which will affect user-data handlers down the line...)
- sys_cfg = copy.deepcopy(self.cfg)
- ds_deps = copy.deepcopy(self.ds_deps)
- (ds, dsname) = sources.find_source(sys_cfg, self.distro,
+ (ds, dsname) = sources.find_source(self.cfg,
+ self.distro,
self.paths,
- ds_deps, cfg_list, pkg_list)
+ copy.deepcopy(self.ds_deps),
+ cfg_list,
+ pkg_list)
LOG.debug("Loaded datasource %s - %s", dsname, ds)
if ds:
self.datasource = ds
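Review bot: The retained comment `# Deep copy so that user-data handlers can not modify` no longer matches the call below it, because `self.cfg` is now handed to `sources.find_source` directly and only `self.ds_deps` is copied. Unless `Init.cfg` itself returns a copy (not visible in this hunk), datasource code receives a mutable reference to the shared system config; the same applies to `self.base_cfg = init.cfg` in the `Modules.__init__` hunk. Either keep `copy.deepcopy(self.cfg)` here or reword the comment to say where the copy is made, e.g. `# only ds_deps is copied here; self.cfg is passed as-is`. The enclosing method starts and ends outside the hunk.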
@@ -408,7 +409,7 @@ class Modules(object):
def __init__(self, init, cfg_files=None):
self.datasource = init.datasource
self.cfg_files = cfg_files
- self.base_cfg = copy.deepcopy(init.cfg)
+ self.base_cfg = init.cfg
self.init = init
# Created on first use
self._cached_cfg = None
@@ -419,7 +420,8 @@ class Modules(object):
if self._cached_cfg is None:
self._cached_cfg = self._get_config()
LOG.debug("Loading 'module' config %s", self._cached_cfg)
- return self._cached_cfg
+ # Only give out a copy so that others can't modify this...
+ return copy.deepcopy(self._cached_cfg)
def _get_config(self):
t_cfgs = []
@@ -531,9 +533,11 @@ class Modules(object):
LOG.warn(("Module %s is verified on %s distros"
" but not on %s distro. It may or may not work"
" correctly."), name, worked_distros, d_name)
- # Deep copy the config so that modules can't alter it
# Use the configs logger and not our own
- func_args = [name, copy.deepcopy(self.cfg),
+ # TODO: possibly check the module
+ # for having a LOG attr and just give it back
+ # its own logger?
+ func_args = [name, self.cfg,
cc, config.LOG, args]
# Mark it as having started running
am_ran += 1
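Review bot: Dropping `# Deep copy the config so that modules can't alter it` leaves no hint at this call site that module isolation now depends on what `self.cfg` returns. Judging by the earlier hunk that returns `copy.deepcopy(self._cached_cfg)`, each access presumably yields a fresh copy, so a short comment such as `# self.cfg returns a deep copy, so a module can't alter the cached config` would keep the intent visible. The surrounding loop starts and ends outside the hunk.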
diff --git a/cloudinit/util.py b/cloudinit/util.py
index 3aa4e462..332b8379 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -35,6 +35,7 @@ import pwd
import random
import shutil
import socket
+import stat
import string # pylint: disable=W0402
import subprocess
import sys
@@ -132,14 +133,24 @@ class SeLinuxGuard(object):
self.enabled = True
def __enter__(self):
- # TODO: Should we try to engage selinux here??
return self.enabled
def __exit__(self, excp_type, excp_value, excp_traceback):
if self.enabled:
- LOG.debug("Restoring selinux mode for %s (recursive=%s)",
- self.path, self.recursive)
- selinux.restorecon(self.path, recursive=self.recursive)
+ path = os.path.realpath(os.path.expanduser(self.path))
+ do_restore = False
+ try:
+ # See if even worth restoring??
+ stats = os.lstat(path)
+ if stat.ST_MODE in stats:
+ selinux.matchpathcon(path, stats[stat.ST_MODE])
+ do_restore = True
+ except OSError:
+ pass
+ if do_restore:
+ LOG.debug("Restoring selinux mode for %s (recursive=%s)",
+ path, self.recursive)
+ selinux.restorecon(path, recursive=self.recursive)
class MountFailedError(Exception):
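Review bot: `if stat.ST_MODE in stats:` is a membership test, not a field lookup: `stat.ST_MODE` is the index 0, so the condition is true only when some field of the lstat result happens to equal 0 (for example a root-owned or empty file). For other paths `do_restore` stays False and the label is silently not restored, which can leave newly written files with the wrong SELinux context. Drop the `if` and call `selinux.matchpathcon(path, stats[stat.ST_MODE])` directly inside the `try`. The `except OSError: pass` also hides why a restore was skipped, so a `LOG.debug` there would help; note too that `os.path.realpath` makes the restore act on a symlink's target rather than on the link itself.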
@@ -1067,8 +1078,7 @@ def ensure_dir(path, mode=None):
if not os.path.isdir(path):
# Make the dir and adjust the mode
LOG.debug("Ensuring directory exists at path %s", path)
- # TODO: check if guard needed??
- with SeLinuxGuard(path=os.path.dirname(path)):
+ with SeLinuxGuard(os.path.dirname(path), recursive=True):
os.makedirs(path)
chmod(path, mode)
else:
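Review bot: `SeLinuxGuard(os.path.dirname(path), recursive=True)` relabels the whole parent directory tree on exit, not just the directories `os.makedirs` created. For a new directory directly under a large or shared parent this walks and resets labels on unrelated files, including any that were labelled deliberately, and an empty `dirname` would appear to resolve to the current working directory via the `realpath` call in the new `__exit__`. Consider guarding the created path instead, e.g. `with SeLinuxGuard(path, recursive=True):`, or restoring only the components that did not exist beforehand. The body of `ensure_dir` starts outside the hunk.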
@@ -1222,8 +1232,7 @@ def chmod(path, mode):
if path and real_mode:
LOG.debug("Adjusting the permissions of %s (perms=%o)",
path, real_mode)
- # TODO: check if guard needed??
- with SeLinuxGuard(path=path):
+ with SeLinuxGuard(path):
os.chmod(path, real_mode)
@@ -1239,7 +1248,6 @@ def write_file(filename, content, mode=0644, omode="wb"):
"""
ensure_dir(os.path.dirname(filename))
LOG.debug("Writing to %s - %s, %s bytes", filename, omode, len(content))
- # TODO: check if guard needed??
with SeLinuxGuard(path=filename):
with open(filename, omode) as fh:
fh.write(content)
diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py
index ba565b29..3be6e186 100644
--- a/tests/unittests/test_util.py
+++ b/tests/unittests/test_util.py
@@ -71,7 +71,7 @@ class TestGetCfgOptionListOrStr(TestCase):
"""None is returned if key is not found and no default given."""
config = {}
result = util.get_cfg_option_list(config, "key")
- self.assertIsNone(result)
+ self.assertEqual(None, result)
def test_not_found_with_default(self):
"""Default is returned if key is not found."""
@@ -166,14 +166,13 @@ class TestWriteFile(MockerTestCase):
"selinux.restorecon", passthrough=False)
mock_is_selinux_enabled = self.mocker.replace(
"selinux.is_selinux_enabled", passthrough=False)
- mock_is_selinux_enabled.result(True)
- mock_restorecon(path)
+ mock_is_selinux_enabled()
+ self.mocker.result(True)
+ mock_restorecon("/etc/hosts", recursive=False)
+ self.mocker.result(True)
self.mocker.replay()
- old = util.HAVE_LIBSELINUX
- util.HAVE_LIBSELINUX = True
- with util.SeLinuxGuard(self.tmp) as is_on:
+ with util.SeLinuxGuard("/etc/hosts") as is_on:
self.assertTrue(is_on)
- util.HAVE_LIBSELINUX = old
except ImportError:
pass
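Review bot: The rewritten test now depends on the host, because `selinux.matchpathcon` is not mocked: `SeLinuxGuard("/etc/hosts")` performs a real lstat and policy lookup, and the expected `mock_restorecon("/etc/hosts", recursive=False)` call only happens if both succeed. It also appears to pass only because `/etc/hosts` is normally root-owned, which is what makes the `stat.ST_MODE in stats` check in `util.py` true. Mock the lookup as well, `mock_matchpathcon = self.mocker.replace("selinux.matchpathcon", passthrough=False)`, and use a file under `self.tmp` so the test does not read system paths. The test method starts outside the hunk.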