diff options
| author | Jordi Massaguer Pla <jmassaguerpla@suse.de> | 2021-01-29 15:43:56 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-01-29 08:43:56 -0600 |
| commit | 36ddf1ebed3f264fa86ef4f657dce29244c2e068 (patch) | |
| tree | acce33b73b3a123366720b9e0bf6ade151538b04 | |
| parent | 71564dce3b6fa3e6aa398b0dd7415b21dca70701 (diff) | |
| download | vyos-cloud-init-36ddf1ebed3f264fa86ef4f657dce29244c2e068.tar.gz vyos-cloud-init-36ddf1ebed3f264fa86ef4f657dce29244c2e068.zip | |
includedir in suoders can be prefixed by "arroba" (#783)
Since version 1.9.1, @includedir can be used in the sudoers files
instead of #includedir:
https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_1
Actually "@includedir" is the modern syntax, and "#includedir" the historic
syntax. It has been considered that "#includedir" was too puzzling because
it started with a "#" that otherwise denotes comments.
This happens to be the default in SUSE Linux enterprise sudoer package,
so cloudinit should take this into account.
Otherwise, cloudinit was adding an extra #includedir, which was
resulting on the files under /etc/sudoers.d being included twice, one by
@includedir from the SUSE package, one by the @includedir from
cloudinit. The consequence of this, was that if you were defining an
Cmnd_Alias inside any of those files, this was being defined twice and
creating an error when using sudo.
| -rwxr-xr-x | cloudinit/distros/__init__.py | 2 | ||||
| -rw-r--r-- | tests/unittests/test_distros/test_generic.py | 13 |
2 files changed, 14 insertions, 1 deletions
diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py index 1e118472..220bd11f 100755 --- a/cloudinit/distros/__init__.py +++ b/cloudinit/distros/__init__.py @@ -673,7 +673,7 @@ class Distro(persistence.CloudInitPickleMixin, metaclass=abc.ABCMeta): found_include = False for line in sudoers_contents.splitlines(): line = line.strip() - include_match = re.search(r"^#includedir\s+(.*)$", line) + include_match = re.search(r"^[#|@]includedir\s+(.*)$", line) if not include_match: continue included_dir = include_match.group(1).strip() diff --git a/tests/unittests/test_distros/test_generic.py b/tests/unittests/test_distros/test_generic.py index 44607489..336150bc 100644 --- a/tests/unittests/test_distros/test_generic.py +++ b/tests/unittests/test_distros/test_generic.py @@ -119,6 +119,19 @@ class TestGenericDistro(helpers.FilesystemMockingTestCase): self.assertIn("josh", contents) self.assertEqual(2, contents.count("josh")) + def test_sudoers_ensure_only_one_includedir(self): + cls = distros.fetch("ubuntu") + d = cls("ubuntu", {}, None) + self.patchOS(self.tmp) + self.patchUtils(self.tmp) + for char in ['#', '@']: + util.write_file("/etc/sudoers", "{}includedir /b".format(char)) + d.ensure_sudo_dir("/b") + contents = util.load_file("/etc/sudoers") + self.assertIn("includedir /b", contents) + self.assertTrue(os.path.isdir("/b")) + self.assertEqual(1, contents.count("includedir /b")) + def test_arch_package_mirror_info_unknown(self): """for an unknown arch, we should get back that with arch 'default'.""" arch_mirrors = gapmi(package_mirrors, arch="unknown") |