← Back to team overview

cloud-init-dev team mailing list archive

  1. cloud-init-dev team
  2. Mailing list archive
  3. Message #02636

[Merge] ~raharper/cloud-init:redhat-selinux-fixes into cloud-init:master

  Thread PreviousDate PreviousThread Next 
Ryan Harper has proposed merging ~raharper/cloud-init:redhat-selinux-fixes into cloud-init:master.

Requested reviews:
  cloud-init commiters (cloud-init-dev)

For more details, see:
https://code.launchpad.net/~raharper/cloud-init/+git/cloud-init/+merge/325404

Fix a few selinux issues found running cloud-init under Redhat

- netinfo package uses netstat which returns 1 when run under selinux
- allow restorecon to be non-fatal, work around python-libselinux issue
-- 
Your team cloud-init commiters is requested to review the proposed merge of ~raharper/cloud-init:redhat-selinux-fixes into cloud-init:master.

diff --git a/cloudinit/netinfo.py b/cloudinit/netinfo.py
index ed374a3..39c79de 100644
--- a/cloudinit/netinfo.py
+++ b/cloudinit/netinfo.py
@@ -20,7 +20,7 @@ LOG = logging.getLogger()
 
 def netdev_info(empty=""):
     fields = ("hwaddr", "addr", "bcast", "mask")
-    (ifcfg_out, _err) = util.subp(["ifconfig", "-a"])
+    (ifcfg_out, _err) = util.subp(["ifconfig", "-a"], rcs=[0, 1])
     devs = {}
     for line in str(ifcfg_out).splitlines():
         if len(line) == 0:
@@ -85,7 +85,7 @@ def netdev_info(empty=""):
 
 
 def route_info():
-    (route_out, _err) = util.subp(["netstat", "-rn"])
+    (route_out, _err) = util.subp(["netstat", "-rn"], rcs=[0, 1])
 
     routes = {}
     routes['ipv4'] = []
@@ -125,7 +125,8 @@ def route_info():
         routes['ipv4'].append(entry)
 
     try:
-        (route_out6, _err6) = util.subp(["netstat", "-A", "inet6", "-n"])
+        (route_out6, _err6) = util.subp(["netstat", "-A", "inet6", "-n"],
+                                        rcs=[0, 1])
     except util.ProcessExecutionError:
         pass
     else:
diff --git a/cloudinit/util.py b/cloudinit/util.py
index b8c3e4e..0f17a6e 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -330,7 +330,12 @@ class SeLinuxGuard(object):
 
         LOG.debug("Restoring selinux mode for %s (recursive=%s)",
                   path, self.recursive)
-        self.selinux.restorecon(path, recursive=self.recursive)
+        try:
+            self.selinux.restorecon(path, recursive=self.recursive)
+        except OSError:
+            LOG.warning('restorecon failed on %s,%s maybe badness?',
+                        path, self.recursive)
+            pass
 
 
 class MountFailedError(Exception):

Follow ups

  Thread PreviousDate PreviousThread Next