Merge "Make sure selinux permissions are correct on ~/.ssh."
commit
7f887736e2
@ -25,6 +25,16 @@ fi
|
|||||||
|
|
||||||
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
|
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
|
||||||
|
|
||||||
|
if [ -e /usr/sbin/getenforce ]; then
|
||||||
|
if [ "$(getenforce)" == "Enforcing" ]; then
|
||||||
|
selinux_wrong_permission="$(find /home/.ssh/ -exec ls -lZ {} \; | grep -v 'ssh_home_t')"
|
||||||
|
if [ -n "${selinux_wrong_permission}" ]; then
|
||||||
|
semanage fcontext -a -t ssh_home_t '/root/.ssh(/.*)?'
|
||||||
|
restorecon -R /root/.ssh/
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
UNDERCLOUD_IP=$(os-apply-config --key local-ip --type netaddress)
|
UNDERCLOUD_IP=$(os-apply-config --key local-ip --type netaddress)
|
||||||
export UNDERCLOUD_IP
|
export UNDERCLOUD_IP
|
||||||
|
|
||||||
|
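Review bot: The label check in the added block runs `find /home/.ssh/`, while the key is appended under `/root/.ssh` and the relabel also targets `/root/.ssh`, so the check inspects a different path from the one it fixes. If `/home/.ssh/` does not exist, `find` writes nothing to stdout, `selinux_wrong_permission` stays empty, and `semanage`/`restorecon` never run. The check should read `selinux_wrong_permission="$(find /root/.ssh/ -exec ls -dZ {} \; | grep -v 'ssh_home_t')"`; the `-d` keeps `ls` from expanding the directory, which may otherwise add a `total` line that can never match. The top of the script is outside the hunk, so confirm whether `set -e` is active, since a `grep -v` that selects no lines exits non-zero in the correctly-labelled case.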
@ -1390,6 +1390,32 @@ def _configure_ssh_keys(nova):
|
|||||||
nova.keypairs.create('default', pubkey.read().rstrip())
|
nova.keypairs.create('default', pubkey.read().rstrip())
|
||||||
|
|
||||||
|
|
||||||
|
def _ensure_ssh_selinux_permission():
|
||||||
|
ssh_path = os.path.expanduser('~/.ssh')
|
||||||
|
try:
|
||||||
|
enforcing = _run_command(['getenforce'])
|
||||||
|
if os.path.isdir(ssh_path):
|
||||||
|
if 'Enforcing' in enforcing:
|
||||||
|
file_perms = _run_command(
|
||||||
|
['find', ssh_path, '-exec', 'ls', '-lZ', '{}', ';'])
|
||||||
|
wrong_perm = False
|
||||||
|
for line in file_perms.splitlines():
|
||||||
|
if 'ssh_home_t' not in line:
|
||||||
|
wrong_perm = True
|
||||||
|
break
|
||||||
|
if wrong_perm:
|
||||||
|
cmd = ['semanage',
|
||||||
|
'fcontext', '-a', '-t', 'ssh_home_t',
|
||||||
|
"{}(/.*)?".format(ssh_path)]
|
||||||
|
_run_command(cmd)
|
||||||
|
_run_command(['restorecon', '-R', ssh_path])
|
||||||
|
except OSError as e:
|
||||||
|
if e.errno == os.errno.ENOENT:
|
||||||
|
LOG.debug("Not a SeLinux platform")
|
||||||
|
else:
|
||||||
|
raise
|
||||||
|
|
||||||
|
|
||||||
def _delete_default_flavors(nova):
|
def _delete_default_flavors(nova):
|
||||||
"""Delete the default flavors from Nova
|
"""Delete the default flavors from Nova
|
||||||
|
|
||||||
@ -1678,6 +1704,7 @@ def _post_config(instack_env, upgrade):
|
|||||||
os_ironic_api_version='1.21')
|
os_ironic_api_version='1.21')
|
||||||
|
|
||||||
_configure_ssh_keys(nova)
|
_configure_ssh_keys(nova)
|
||||||
|
_ensure_ssh_selinux_permission()
|
||||||
_delete_default_flavors(nova)
|
_delete_default_flavors(nova)
|
||||||
|
|
||||||
_ensure_node_resource_classes(ironic)
|
_ensure_node_resource_classes(ironic)
|
||||||
|
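Review bot: In `_ensure_ssh_selinux_permission`, the `except OSError` handler compares against `os.errno.ENOENT`, but `os.errno` is an undocumented attribute that was removed in Python 3.7. On a host without `getenforce` the handler would then raise `AttributeError` instead of logging the debug message, so use `import errno` at module level and `if e.errno == errno.ENOENT:`. Separately, the `'ssh_home_t' not in line` test is applied to every line of the `ls -lZ` output, so a `total` line from listing the directory itself may set `wrong_perm` on every run; passing `-d` to `ls` would avoid that. `_run_command` is defined outside this page: if it raises on a non-zero exit, a repeated `semanage fcontext -a` for a rule that already exists would abort `_post_config`, so that path deserves explicit handling or at least a comment.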