Add support for 'selinux_user' key to useradd cloud-config syntax

Fedora and RHEL and friends' useradd program supports an "--selinux-user"
option that sets what SELinux user a new user should log in with.  This commit
introduces an "selinux-user" directive to cloud-config "users" lists that
exposes this option.

2 files changed, 5 insertions, 0 deletions

diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py
index 40c6aa4f..3e9d934d 100644
--- a/cloudinit/distros/__init__.py
+++ b/cloudinit/distros/__init__.py
@@ -239,6 +239,7 @@ class Distro(object):
                 "shell": '--shell',
                 "expiredate": '--expiredate',
                 "inactive": '--inactive',
+                "selinux_user": '--selinux-user',
                 }
 
         adduser_opts_flags = {
diff --git a/doc/examples/cloud-config-user-groups.txt b/doc/examples/cloud-config-user-groups.txt
index d0b3e2ff..1da0d717 100644
--- a/doc/examples/cloud-config-user-groups.txt
+++ b/doc/examples/cloud-config-user-groups.txt
@@ -12,6 +12,7 @@ users:
     gecos: Foo B. Bar
     primary-group: foobar
     groups: users
+    selinux-user: staff_u
     expiredate: 2012-09-01
     ssh-import-id: foobar
     lock-passwd: false
@@ -38,6 +39,9 @@ users:
 #   primary-group: define the primary group. Defaults to a new group created
 #           named after the user.
 #   groups:  Optional. Additional groups to add the user to. Defaults to none
+#   selinux-user:  Optional. The SELinux user for the user's login, such as
+#           "staff_u". When this is omitted the system will select the default
+#           SELinux user.
 #   lock-passwd: Defaults to true. Lock the password to disable password login
 #   inactive: Create the user as inactive
 #   passwd: The hash -- not the password itself -- of the password you want