summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGarrett Holmstrom <gholms@eucalyptus.com>2012-09-19 10:02:55 -0400
committerScott Moser <smoser@ubuntu.com>2012-09-19 10:02:55 -0400
commit9c0cffeabfcc7ddfa5fdac2d22d91e336c538376 (patch)
tree92bf9abd36dea127756405c76bcc018aa4617ee4
parent62450b525e217b792dcf702fb2bd79d41bee17b7 (diff)
parent11db1e91ddc047728b0161eb1da30e54084ae5eb (diff)
downloadvyos-cloud-init-9c0cffeabfcc7ddfa5fdac2d22d91e336c538376.tar.gz
vyos-cloud-init-9c0cffeabfcc7ddfa5fdac2d22d91e336c538376.zip
Add support for 'selinux_user' key to useradd cloud-config syntax
Fedora and RHEL and friends' useradd program supports an "--selinux-user" option that sets what SELinux user a new user should log in with. This commit introduces an "selinux-user" directive to cloud-config "users" lists that exposes this option.
-rw-r--r--cloudinit/distros/__init__.py1
-rw-r--r--doc/examples/cloud-config-user-groups.txt4
2 files changed, 5 insertions, 0 deletions
diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py
index 40c6aa4f..3e9d934d 100644
--- a/cloudinit/distros/__init__.py
+++ b/cloudinit/distros/__init__.py
@@ -239,6 +239,7 @@ class Distro(object):
"shell": '--shell',
"expiredate": '--expiredate',
"inactive": '--inactive',
+ "selinux_user": '--selinux-user',
}
adduser_opts_flags = {
diff --git a/doc/examples/cloud-config-user-groups.txt b/doc/examples/cloud-config-user-groups.txt
index d0b3e2ff..1da0d717 100644
--- a/doc/examples/cloud-config-user-groups.txt
+++ b/doc/examples/cloud-config-user-groups.txt
@@ -12,6 +12,7 @@ users:
gecos: Foo B. Bar
primary-group: foobar
groups: users
+ selinux-user: staff_u
expiredate: 2012-09-01
ssh-import-id: foobar
lock-passwd: false
@@ -38,6 +39,9 @@ users:
# primary-group: define the primary group. Defaults to a new group created
# named after the user.
# groups: Optional. Additional groups to add the user to. Defaults to none
+# selinux-user: Optional. The SELinux user for the user's login, such as
+# "staff_u". When this is omitted the system will select the default
+# SELinux user.
# lock-passwd: Defaults to true. Lock the password to disable password login
# inactive: Create the user as inactive
# passwd: The hash -- not the password itself -- of the password you want