← Back to team overview

cloud-init-dev team mailing list archive

[Merge] lp:~gholms/cloud-init/useradd-selinux into lp:cloud-init


Garrett Holmstrom has proposed merging lp:~gholms/cloud-init/useradd-selinux into lp:cloud-init.

Requested reviews:
  cloud init development team (cloud-init-dev)

For more details, see:

Fedora and RHEL and friends' useradd program supports an "--selinux-user" option that sets what SELinux user a new user should log in with.  This commit introduces an "selinux-user" directive to cloud-config "users" lists that exposes this option.
Your team cloud init development team is requested to review the proposed merge of lp:~gholms/cloud-init/useradd-selinux into lp:cloud-init.
=== modified file 'cloudinit/distros/__init__.py'
--- cloudinit/distros/__init__.py	2012-08-31 18:45:40 +0000
+++ cloudinit/distros/__init__.py	2012-09-18 17:51:27 +0000
@@ -239,6 +239,7 @@
                 "shell": '--shell',
                 "expiredate": '--expiredate',
                 "inactive": '--inactive',
+                "selinux_user": '--selinux-user',
         adduser_opts_flags = {

=== modified file 'doc/examples/cloud-config-user-groups.txt'
--- doc/examples/cloud-config-user-groups.txt	2012-08-31 19:36:35 +0000
+++ doc/examples/cloud-config-user-groups.txt	2012-09-18 17:51:27 +0000
@@ -12,6 +12,7 @@
     gecos: Foo B. Bar
     primary-group: foobar
     groups: users
+    selinux-user: staff_u
     expiredate: 2012-09-01
     ssh-import-id: foobar
     lock-passwd: false
@@ -38,6 +39,9 @@
 #   primary-group: define the primary group. Defaults to a new group created
 #           named after the user.
 #   groups:  Optional. Additional groups to add the user to. Defaults to none
+#   selinux-user:  Optional. The SELinux user for the user's login, such as
+#           "staff_u". When this is omitted the system will select the default
+#           SELinux user.
 #   lock-passwd: Defaults to true. Lock the password to disable password login
 #   inactive: Create the user as inactive
 #   passwd: The hash -- not the password itself -- of the password you want

Follow ups