Fixup python selinux guards, only try to restore after we check if it's useful to restore, fix test to work with selinux enabled systems
parent
8f4786a3ba
commit
017529db0b
@ -221,11 +221,12 @@ class Init(object):
|
||||
(cfg_list, pkg_list) = self._get_datasources()
|
||||
# Deep copy so that user-data handlers can not modify
|
||||
# (which will affect user-data handlers down the line...)
|
||||
sys_cfg = copy.deepcopy(self.cfg)
|
||||
ds_deps = copy.deepcopy(self.ds_deps)
|
||||
(ds, dsname) = sources.find_source(sys_cfg, self.distro,
|
||||
(ds, dsname) = sources.find_source(self.cfg,
|
||||
self.distro,
|
||||
self.paths,
|
||||
ds_deps, cfg_list, pkg_list)
|
||||
copy.deepcopy(self.ds_deps),
|
||||
cfg_list,
|
||||
pkg_list)
|
||||
LOG.debug("Loaded datasource %s - %s", dsname, ds)
|
||||
if ds:
|
||||
self.datasource = ds
|
||||
@ -408,7 +409,7 @@ class Modules(object):
|
||||
def __init__(self, init, cfg_files=None):
|
||||
self.datasource = init.datasource
|
||||
self.cfg_files = cfg_files
|
||||
self.base_cfg = copy.deepcopy(init.cfg)
|
||||
self.base_cfg = init.cfg
|
||||
self.init = init
|
||||
# Created on first use
|
||||
self._cached_cfg = None
|
||||
@ -419,7 +420,8 @@ class Modules(object):
|
||||
if self._cached_cfg is None:
|
||||
self._cached_cfg = self._get_config()
|
||||
LOG.debug("Loading 'module' config %s", self._cached_cfg)
|
||||
return self._cached_cfg
|
||||
# Only give out a copy so that others can't modify this...
|
||||
return copy.deepcopy(self._cached_cfg)
|
||||
|
||||
def _get_config(self):
|
||||
t_cfgs = []
|
||||
@ -531,9 +533,11 @@ class Modules(object):
|
||||
LOG.warn(("Module %s is verified on %s distros"
|
||||
" but not on %s distro. It may or may not work"
|
||||
" correctly."), name, worked_distros, d_name)
|
||||
# Deep copy the config so that modules can't alter it
|
||||
# Use the configs logger and not our own
|
||||
func_args = [name, copy.deepcopy(self.cfg),
|
||||
# TODO: possibly check the module
|
||||
# for having a LOG attr and just give it back
|
||||
# its own logger?
|
||||
func_args = [name, self.cfg,
|
||||
cc, config.LOG, args]
|
||||
# Mark it as having started running
|
||||
am_ran += 1
|
||||
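Review bot: The retained comment `# Deep copy so that user-data handlers can not modify` in the `Init` hunk no longer matches the call beneath it, which now passes `self.cfg` to `sources.find_source` and copies only `ds_deps`. Whether the datasource code can still alter shared configuration depends on `Init.cfg` handing out a fresh copy, which is not visible on this page; the same question applies to `self.base_cfg = init.cfg` in `Modules.__init__`. If `Init.cfg` does copy, reword the comment to say so, e.g. `# self.cfg gives out a deep copy, so datasources can not alter our config`; if it does not, keep `copy.deepcopy(self.cfg)` at both sites. The enclosing methods start outside the hunks.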
|
@ -35,6 +35,7 @@ import pwd
|
||||
import random
|
||||
import shutil
|
||||
import socket
|
||||
import stat
|
||||
import string # pylint: disable=W0402
|
||||
import subprocess
|
||||
import sys
|
||||
@ -132,14 +133,24 @@ class SeLinuxGuard(object):
|
||||
self.enabled = True
|
||||
|
||||
def __enter__(self):
|
||||
# TODO: Should we try to engage selinux here??
|
||||
return self.enabled
|
||||
|
||||
def __exit__(self, excp_type, excp_value, excp_traceback):
|
||||
if self.enabled:
|
||||
path = os.path.realpath(os.path.expanduser(self.path))
|
||||
do_restore = False
|
||||
try:
|
||||
# See if even worth restoring??
|
||||
stats = os.lstat(path)
|
||||
if stat.ST_MODE in stats:
|
||||
selinux.matchpathcon(path, stats[stat.ST_MODE])
|
||||
do_restore = True
|
||||
except OSError:
|
||||
pass
|
||||
if do_restore:
|
||||
LOG.debug("Restoring selinux mode for %s (recursive=%s)",
|
||||
self.path, self.recursive)
|
||||
selinux.restorecon(self.path, recursive=self.recursive)
|
||||
path, self.recursive)
|
||||
selinux.restorecon(path, recursive=self.recursive)
|
||||
|
||||
|
||||
class MountFailedError(Exception):
|
||||
@ -1067,8 +1078,7 @@ def ensure_dir(path, mode=None):
|
||||
if not os.path.isdir(path):
|
||||
# Make the dir and adjust the mode
|
||||
LOG.debug("Ensuring directory exists at path %s", path)
|
||||
# TODO: check if guard needed??
|
||||
with SeLinuxGuard(path=os.path.dirname(path)):
|
||||
with SeLinuxGuard(os.path.dirname(path), recursive=True):
|
||||
os.makedirs(path)
|
||||
chmod(path, mode)
|
||||
else:
|
||||
@ -1222,8 +1232,7 @@ def chmod(path, mode):
|
||||
if path and real_mode:
|
||||
LOG.debug("Adjusting the permissions of %s (perms=%o)",
|
||||
path, real_mode)
|
||||
# TODO: check if guard needed??
|
||||
with SeLinuxGuard(path=path):
|
||||
with SeLinuxGuard(path):
|
||||
os.chmod(path, real_mode)
|
||||
|
||||
|
||||
@ -1239,7 +1248,6 @@ def write_file(filename, content, mode=0644, omode="wb"):
|
||||
"""
|
||||
ensure_dir(os.path.dirname(filename))
|
||||
LOG.debug("Writing to %s - %s, %s bytes", filename, omode, len(content))
|
||||
# TODO: check if guard needed??
|
||||
with SeLinuxGuard(path=filename):
|
||||
with open(filename, omode) as fh:
|
||||
fh.write(content)
|
||||
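Review bot: In `SeLinuxGuard.__exit__`, `if stat.ST_MODE in stats:` tests value membership rather than checking an index: `stat.ST_MODE` is `0`, so the branch runs only when some field of the `lstat` result happens to equal zero (for example a root-owned or empty file), and otherwise the label restore is skipped silently. The mode is always present in an `lstat` result, so drop the test and call `selinux.matchpathcon(path, stats[stat.ST_MODE])` directly. The `except OSError: pass` also hides why a restore was skipped; a `LOG.debug` there would help when a file is left with the wrong context. Separately, `ensure_dir` appears to now guard `os.path.dirname(path)` with `recursive=True`, which relabels the whole parent tree on each directory creation and resolves to the current directory when `path` has no directory part; consider limiting the relabel to what `os.makedirs` created.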
|
@ -71,7 +71,7 @@ class TestGetCfgOptionListOrStr(TestCase):
|
||||
"""None is returned if key is not found and no default given."""
|
||||
config = {}
|
||||
result = util.get_cfg_option_list(config, "key")
|
||||
self.assertIsNone(result)
|
||||
self.assertEqual(None, result)
|
||||
|
||||
def test_not_found_with_default(self):
|
||||
"""Default is returned if key is not found."""
|
||||
@ -166,14 +166,13 @@ class TestWriteFile(MockerTestCase):
|
||||
"selinux.restorecon", passthrough=False)
|
||||
mock_is_selinux_enabled = self.mocker.replace(
|
||||
"selinux.is_selinux_enabled", passthrough=False)
|
||||
mock_is_selinux_enabled.result(True)
|
||||
mock_restorecon(path)
|
||||
mock_is_selinux_enabled()
|
||||
self.mocker.result(True)
|
||||
mock_restorecon("/etc/hosts", recursive=False)
|
||||
self.mocker.result(True)
|
||||
self.mocker.replay()
|
||||
old = util.HAVE_LIBSELINUX
|
||||
util.HAVE_LIBSELINUX = True
|
||||
with util.SeLinuxGuard(self.tmp) as is_on:
|
||||
with util.SeLinuxGuard("/etc/hosts") as is_on:
|
||||
self.assertTrue(is_on)
|
||||
util.HAVE_LIBSELINUX = old
|
||||
except ImportError:
|
||||
pass
|
||||
|
||||
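Review bot: The `SeLinuxGuard` test depends on the host it runs on: the `/etc/hosts` lines (apparently the new side) point the guard at a real system file, and only `selinux.restorecon` and `selinux.is_selinux_enabled` are replaced. `SeLinuxGuard.__exit__` will therefore call the real `selinux.matchpathcon`, and the expected `restorecon` call is made only if that lookup succeeds on the build machine. Replace `selinux.matchpathcon` through `self.mocker.replace(..., passthrough=False)` as well and guard a temporary file instead. `util.HAVE_LIBSELINUX = old` should also sit in a `finally:` so a failed assertion does not leave the flag forced to `True` for later tests. The test method starts outside the hunk.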
|