cloud-init

Merge ~raharper/cloud-init:redhat-selinux-fixes into cloud-init:master

  1. Git
  2. lp:~raharper/cloud-init
  3. redhat-selinux-fixes
  4. Merge into master
Proposed by Ryan Harper
Status: Merged
Approved by: Scott Moser
Approved revision: dbbfd47f6af7a2cc3da93bb2b281467cec316f77
Merged at revision: 95fd5a2b5426f3420e05ac190eb9f286df630484
Proposed branch: ~raharper/cloud-init:redhat-selinux-fixes
Merge into: cloud-init:master
Diff against target: 50 lines (+10/-4)
2 files modified
cloudinit/netinfo.py (+4/-3)
cloudinit/util.py (+6/-1)
Reviewer Review Type Date Requested Status
Scott Moser Approve
Server Team CI bot continuous-integration Approve
Review via email: mp+325404@code.launchpad.net

Description of the change

Fix a few selinux issues found running cloud-init under Redhat

- netinfo package uses netstat which returns 1 when run under selinux
- allow restorecon to be non-fatal, work around python-libselinux issue

To post a comment you must log in.
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:dbbfd47f6af7a2cc3da93bb2b281467cec316f77
https://jenkins.ubuntu.com/server/job/cloud-init-ci/504/
Executed test runs:
    SUCCESS: https://jenkins.ubuntu.com/server/job/cloud-init-ci/nodes=metal-amd64/504
    SUCCESS: https://jenkins.ubuntu.com/server/job/cloud-init-ci/nodes=metal-arm64/504
    SUCCESS: https://jenkins.ubuntu.com/server/job/cloud-init-ci/nodes=metal-ppc64el/504
    SUCCESS: https://jenkins.ubuntu.com/server/job/cloud-init-ci/nodes=metal-s390x/504
    SUCCESS: https://jenkins.ubuntu.com/server/job/cloud-init-ci/nodes=vm-i386/504

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/504/rebuild

review: Approve (continuous-integration)
Revision history for this message
Scott Moser (smoser) wrote :

Looks good. Please make the small changes I suggested.
Then I think it's fine. And you can push.

Curious, would using 'ip' help/avoid this?

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/cloudinit/netinfo.py b/cloudinit/netinfo.py
index ed374a3..39c79de 100644
--- a/cloudinit/netinfo.py
+++ b/cloudinit/netinfo.py
@@ -20,7 +20,7 @@ LOG = logging.getLogger()
2020
21def netdev_info(empty=""):21def netdev_info(empty=""):
22 fields = ("hwaddr", "addr", "bcast", "mask")22 fields = ("hwaddr", "addr", "bcast", "mask")
23 (ifcfg_out, _err) = util.subp(["ifconfig", "-a"])23 (ifcfg_out, _err) = util.subp(["ifconfig", "-a"], rcs=[0, 1])
24 devs = {}24 devs = {}
25 for line in str(ifcfg_out).splitlines():25 for line in str(ifcfg_out).splitlines():
26 if len(line) == 0:26 if len(line) == 0:
@@ -85,7 +85,7 @@ def netdev_info(empty=""):
8585
8686
87def route_info():87def route_info():
88 (route_out, _err) = util.subp(["netstat", "-rn"])88 (route_out, _err) = util.subp(["netstat", "-rn"], rcs=[0, 1])
8989
90 routes = {}90 routes = {}
91 routes['ipv4'] = []91 routes['ipv4'] = []
@@ -125,7 +125,8 @@ def route_info():
125 routes['ipv4'].append(entry)125 routes['ipv4'].append(entry)
126126
127 try:127 try:
128 (route_out6, _err6) = util.subp(["netstat", "-A", "inet6", "-n"])128 (route_out6, _err6) = util.subp(["netstat", "-A", "inet6", "-n"],
129 rcs=[0, 1])
129 except util.ProcessExecutionError:130 except util.ProcessExecutionError:
130 pass131 pass
131 else:132 else:
diff --git a/cloudinit/util.py b/cloudinit/util.py
index b8c3e4e..0f17a6e 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -330,7 +330,12 @@ class SeLinuxGuard(object):
330330
331 LOG.debug("Restoring selinux mode for %s (recursive=%s)",331 LOG.debug("Restoring selinux mode for %s (recursive=%s)",
332 path, self.recursive)332 path, self.recursive)
333 self.selinux.restorecon(path, recursive=self.recursive)333 try:
334 self.selinux.restorecon(path, recursive=self.recursive)
335 except OSError:
336 LOG.warning('restorecon failed on %s,%s maybe badness?',
337 path, self.recursive)
338 pass
334339
335340
336class MountFailedError(Exception):341class MountFailedError(Exception):

Subscribers

People subscribed via source and target branches