mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
[PR #7099/bf728aad backport][stable-7] chroot: add disable_root_check option (#7111)
chroot: add `disable_root_check` option (#7099)
* Initial commit
* Update plugins/connection/chroot.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add changelog fragment
* Update changelogs/fragments/7099-chroot-disable-root-check-option.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Сашка724ая <git@sashok724.net>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit bf728aadfb)
Co-authored-by: Сашка724ая <github@sashok724.net>
This commit is contained in:
patchback[bot]
GitHub
parent
c3baaa8cfa
commit
235e55fa9f
2 changed files with 21 additions and 5 deletions
|
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- "chroot connection plugin - add ``disable_root_check`` option (https://github.com/ansible-collections/community.general/pull/7099)."
|
||||||
|
|
@ -46,6 +46,19 @@ DOCUMENTATION = '''
|
||||||
vars:
|
vars:
|
||||||
- name: ansible_chroot_exe
|
- name: ansible_chroot_exe
|
||||||
default: chroot
|
default: chroot
|
||||||
|
disable_root_check:
|
||||||
|
description:
|
||||||
|
- Do not check that the user is not root.
|
||||||
|
ini:
|
||||||
|
- section: chroot_connection
|
||||||
|
key: disable_root_check
|
||||||
|
env:
|
||||||
|
- name: ANSIBLE_CHROOT_DISABLE_ROOT_CHECK
|
||||||
|
vars:
|
||||||
|
- name: ansible_chroot_disable_root_check
|
||||||
|
default: false
|
||||||
|
type: bool
|
||||||
|
version_added: 7.3.0
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = r"""
|
EXAMPLES = r"""
|
||||||
|
|
@ -102,11 +115,7 @@ class Connection(ConnectionBase):
|
||||||
|
|
||||||
self.chroot = self._play_context.remote_addr
|
self.chroot = self._play_context.remote_addr
|
||||||
|
|
||||||
if os.geteuid() != 0:
|
# do some trivial checks for ensuring 'host' is actually a chroot'able dir
|
||||||
raise AnsibleError("chroot connection requires running as root")
|
|
||||||
|
|
||||||
# we're running as root on the local system so do some
|
|
||||||
# trivial checks for ensuring 'host' is actually a chroot'able dir
|
|
||||||
if not os.path.isdir(self.chroot):
|
if not os.path.isdir(self.chroot):
|
||||||
raise AnsibleError("%s is not a directory" % self.chroot)
|
raise AnsibleError("%s is not a directory" % self.chroot)
|
||||||
|
|
||||||
|
|
@ -120,6 +129,11 @@ class Connection(ConnectionBase):
|
||||||
|
|
||||||
def _connect(self):
|
def _connect(self):
|
||||||
""" connect to the chroot """
|
""" connect to the chroot """
|
||||||
|
if not self.get_option('disable_root_check') and os.geteuid() != 0:
|
||||||
|
raise AnsibleError(
|
||||||
|
"chroot connection requires running as root. "
|
||||||
|
"You can override this check with the `disable_root_check` option.")
|
||||||
|
|
||||||
if os.path.isabs(self.get_option('chroot_exe')):
|
if os.path.isabs(self.get_option('chroot_exe')):
|
||||||
self.chroot_cmd = self.get_option('chroot_exe')
|
self.chroot_cmd = self.get_option('chroot_exe')
|
||||||
else:
|
else:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue