From 4050105c1cfb100e6b93c56a74ecd2fe29d87608 Mon Sep 17 00:00:00 2001 From: Garrett Holmstrom Date: Fri, 20 Sep 2013 16:04:49 -0700 Subject: Some containers lack /dev/console, so when multi_log attempts to open that device and write to it directly things can start going haywire. Here we address this problem by sending console-bound output to stdout and letting init take care of getting it to the console instead. We already configure upstart with "console output", so we need only change systemd to use "journal+console". --- cloudinit/util.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'cloudinit/util.py') diff --git a/cloudinit/util.py b/cloudinit/util.py index d50d3e18..02890448 100644 --- a/cloudinit/util.py +++ b/cloudinit/util.py @@ -360,11 +360,11 @@ def multi_log(text, console=True, stderr=True, if stderr: sys.stderr.write(text) if console: - # Don't use the write_file since - # this might be 'sensitive' info (not debug worthy?) - with open('/dev/console', 'wb') as wfh: - wfh.write(text) - wfh.flush() + # Some containers lack /dev/console, so we send output to + # stdout and configure upstart with "console output" and + # systemd with "journal+console" and let them take care of + # getting output to the console. + print text if log: if text[-1] == "\n": log.log(log_level, text[:-1]) -- cgit v1.2.3 From 0b9e965096d0cfb20284c587262945c8599ea4a3 Mon Sep 17 00:00:00 2001 From: Garrett Holmstrom Date: Fri, 20 Sep 2013 16:34:41 -0700 Subject: When selinux is completely disabled functions like restorecon raise exceptions, causing nasty things to happen on instances that boot with selinux=0. The fix is easy: simply consult is_selinux_enabled() first. --- cloudinit/util.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'cloudinit/util.py') diff --git a/cloudinit/util.py b/cloudinit/util.py index d50d3e18..deac8c8d 100644 --- a/cloudinit/util.py +++ b/cloudinit/util.py @@ -161,13 +161,13 @@ class SeLinuxGuard(object): self.recursive = recursive def __enter__(self): - if self.selinux: + if self.selinux and self.selinux.is_selinux_enabled(): return True else: return False def __exit__(self, excp_type, excp_value, excp_traceback): - if self.selinux: + if self.selinux and self.selinux.is_selinux_enabled(): path = os.path.realpath(os.path.expanduser(self.path)) do_restore = False try: -- cgit v1.2.3 From f0e1bf38a2b943d27c8fe20724799b2e552e7adc Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Wed, 25 Sep 2013 14:52:30 -0400 Subject: instead of just writing to stdout, write to stdout if no /dev/console --- cloudinit/util.py | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'cloudinit/util.py') diff --git a/cloudinit/util.py b/cloudinit/util.py index 02890448..89307aa5 100644 --- a/cloudinit/util.py +++ b/cloudinit/util.py @@ -360,11 +360,21 @@ def multi_log(text, console=True, stderr=True, if stderr: sys.stderr.write(text) if console: - # Some containers lack /dev/console, so we send output to - # stdout and configure upstart with "console output" and - # systemd with "journal+console" and let them take care of - # getting output to the console. - print text + conpath = "/dev/console" + if os.path.exists(conpath): + with open(conpath, 'wb') as wfh: + wfh.write(text) + wfh.flush() + else: + # A container may lack /dev/console (arguably a container bug). If + # it does not exist, then write output to stdout. this will result + # in duplicate stderr and stdout messages if stderr was True. + # + # even though upstart or systemd might have set up output to go to + # /dev/console, the user may have configured elsewhere via + # cloud-config 'output'. If there is /dev/console, messages will + # still get there. + sys.stdout.write(text) if log: if text[-1] == "\n": log.log(log_level, text[:-1]) -- cgit v1.2.3