author | harlowja <harlowja@virtualbox.rhel> | 2012-06-21 23:35:07 -0700 |
---|---|---|
committer | harlowja <harlowja@virtualbox.rhel> | 2012-06-21 23:35:07 -0700 |
commit | ba5fb03646f6318a0ace286da746b4bb32f75d5a (patch) | |
tree | 093ee35fab7f54a928aa49b48b1a8529b6ced401 | |
parent | 23cf7e35bf9aa1cffc9d1bb2f20d362b57110723 (diff) | |
Fixup python selinux guards, only try to restore after we check if it's useful to restore, fix test to work with selinux enabled systems
-rw-r--r-- | cloudinit/stages.py | 20 | ||||
-rw-r--r-- | cloudinit/util.py | 26 | ||||
-rw-r--r-- | tests/unittests/test_util.py | 13 |
3 files changed, 35 insertions, 24 deletions
diff --git a/cloudinit/stages.py b/cloudinit/stages.py index 25f13fd4..cf5e6924 100644 --- a/cloudinit/stages.py +++ b/cloudinit/stages.py @@ -221,11 +221,12 @@ class Init(object): (cfg_list, pkg_list) = self._get_datasources() # Deep copy so that user-data handlers can not modify # (which will affect user-data handlers down the line...) - sys_cfg = copy.deepcopy(self.cfg) - ds_deps = copy.deepcopy(self.ds_deps) - (ds, dsname) = sources.find_source(sys_cfg, self.distro, + (ds, dsname) = sources.find_source(self.cfg, + self.distro, self.paths, - ds_deps, cfg_list, pkg_list) + copy.deepcopy(self.ds_deps), + cfg_list, + pkg_list) LOG.debug("Loaded datasource %s - %s", dsname, ds) if ds: self.datasource = ds @@ -408,7 +409,7 @@ class Modules(object): def __init__(self, init, cfg_files=None): self.datasource = init.datasource self.cfg_files = cfg_files - self.base_cfg = copy.deepcopy(init.cfg) + self.base_cfg = init.cfg self.init = init # Created on first use self._cached_cfg = None @@ -419,7 +420,8 @@ class Modules(object): if self._cached_cfg is None: self._cached_cfg = self._get_config() LOG.debug("Loading 'module' config %s", self._cached_cfg) - return self._cached_cfg + # Only give out a copy so that others can't modify this... + return copy.deepcopy(self._cached_cfg) def _get_config(self): t_cfgs = [] @@ -531,9 +533,11 @@ class Modules(object): LOG.warn(("Module %s is verified on %s distros" " but not on %s distro. It may or may not work" " correctly."), name, worked_distros, d_name) - # Deep copy the config so that modules can't alter it # Use the configs logger and not our own - func_args = [name, copy.deepcopy(self.cfg), + # TODO: possibly check the module + # for having a LOG attr and just give it back + # its own logger? + func_args = [name, self.cfg, cc, config.LOG, args] # Mark it as having started running am_ran += 1 diff --git a/cloudinit/util.py b/cloudinit/util.py index 3aa4e462..332b8379 100644 --- a/cloudinit/util.py +++ b/cloudinit/util.py 
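Review bot: The comment kept above the `sources.find_source(...)` call in `Init` still says the config is deep-copied, but the new call passes `self.cfg` directly and only `self.ds_deps` is copied. Unless `Init.cfg` already hands out a copy (its definition is outside this hunk), datasource code can now mutate the shared system config in place. The same applies to `self.base_cfg = init.cfg` in `Modules.__init__`. Either keep `copy.deepcopy(self.cfg)` at both sites or reword the comment to say where the copy is made, e.g. `# self.cfg is handed out as a copy; only ds_deps is copied here`.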
@@ -35,6 +35,7 @@ import pwd import random import shutil import socket +import stat import string # pylint: disable=W0402 import subprocess import sys @@ -132,14 +133,24 @@ class SeLinuxGuard(object): self.enabled = True def __enter__(self): - # TODO: Should we try to engage selinux here?? return self.enabled def __exit__(self, excp_type, excp_value, excp_traceback): if self.enabled: - LOG.debug("Restoring selinux mode for %s (recursive=%s)", - self.path, self.recursive) - selinux.restorecon(self.path, recursive=self.recursive) + path = os.path.realpath(os.path.expanduser(self.path)) + do_restore = False + try: + # See if even worth restoring?? + stats = os.lstat(path) + if stat.ST_MODE in stats: + selinux.matchpathcon(path, stats[stat.ST_MODE]) + do_restore = True + except OSError: + pass + if do_restore: + LOG.debug("Restoring selinux mode for %s (recursive=%s)", + path, self.recursive) + selinux.restorecon(path, recursive=self.recursive) class MountFailedError(Exception): @@ -1067,8 +1078,7 @@ def ensure_dir(path, mode=None): if not os.path.isdir(path): # Make the dir and adjust the mode LOG.debug("Ensuring directory exists at path %s", path) - # TODO: check if guard needed?? - with SeLinuxGuard(path=os.path.dirname(path)): + with SeLinuxGuard(os.path.dirname(path), recursive=True): os.makedirs(path) chmod(path, mode) else: @@ -1222,8 +1232,7 @@ def chmod(path, mode): if path and real_mode: LOG.debug("Adjusting the permissions of %s (perms=%o)", path, real_mode) - # TODO: check if guard needed?? - with SeLinuxGuard(path=path): + with SeLinuxGuard(path): os.chmod(path, real_mode) @@ -1239,7 +1248,6 @@ def write_file(filename, content, mode=0644, omode="wb"): """ ensure_dir(os.path.dirname(filename)) LOG.debug("Writing to %s - %s, %s bytes", filename, omode, len(content)) - # TODO: check if guard needed?? with SeLinuxGuard(path=filename): with open(filename, omode) as fh: fh.write(content) 
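Review bot: `if stat.ST_MODE in stats:` in `SeLinuxGuard.__exit__` tests whether the integer 0 occurs among the stat values, not whether the mode field exists. The restore is therefore silently skipped whenever no field happens to be 0, which is typically the case for a non-empty file with non-root uid and gid, and the file keeps whatever context it was created with. `os.lstat` already raises `OSError` for a missing path, so the guard can be dropped, leaving `selinux.matchpathcon(path, stats[stat.ST_MODE])` followed by `do_restore = True`. The `except OSError: pass` also hides a failed `matchpathcon` lookup; a `LOG.debug` there would make a skipped restore visible in the logs.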
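Review bot: `SeLinuxGuard(os.path.dirname(path), recursive=True)` in `ensure_dir` restores contexts over the whole parent directory tree on exit, not just over the directories `os.makedirs` created. For a new directory directly under a large or shared parent, that walks every sibling and can reset contexts that were set there on purpose. Guarding the new directory instead, `with SeLinuxGuard(path, recursive=True):`, would limit the restore to what this call created, though intermediate directories made by `makedirs` would then need their own handling. ensure_dir's body continues outside the hunk.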
diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py index ba565b29..3be6e186 100644 --- a/tests/unittests/test_util.py +++ b/tests/unittests/test_util.py @@ -71,7 +71,7 @@ class TestGetCfgOptionListOrStr(TestCase): """None is returned if key is not found and no default given.""" config = {} result = util.get_cfg_option_list(config, "key") - self.assertIsNone(result) + self.assertEqual(None, result) def test_not_found_with_default(self): """Default is returned if key is not found.""" @@ -166,14 +166,13 @@ class TestWriteFile(MockerTestCase): "selinux.restorecon", passthrough=False) mock_is_selinux_enabled = self.mocker.replace( "selinux.is_selinux_enabled", passthrough=False) - mock_is_selinux_enabled.result(True) - mock_restorecon(path) + mock_is_selinux_enabled() + self.mocker.result(True) + mock_restorecon("/etc/hosts", recursive=False) + self.mocker.result(True) self.mocker.replay() - old = util.HAVE_LIBSELINUX - util.HAVE_LIBSELINUX = True - with util.SeLinuxGuard(self.tmp) as is_on: + with util.SeLinuxGuard("/etc/hosts") as is_on: self.assertTrue(is_on) - util.HAVE_LIBSELINUX = old except ImportError: pass |
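Review bot: The rewritten SELinux test in `TestWriteFile` runs `SeLinuxGuard` against the real `/etc/hosts` and leaves `selinux.matchpathcon` unmocked, so its outcome depends on the host's file and loaded policy rather than on the code under test. If `os.lstat` or `matchpathcon` fails on the build host, `restorecon` is never called and the recorded expectation goes unmet. Mocking `selinux.matchpathcon` with `passthrough=False`, like the other two calls, and pointing the guard at a file under `self.tmp` would keep the test hermetic. The surrounding `except ImportError: pass` means the test passes silently when the selinux module is absent; the enclosing test method starts outside the hunk.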