ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

Merge pull request #1771 from sfromm/issue1762

Browse source 
Ensure files created by authorized_key have correct selinux context
This commit is contained in:
Stephen Fromm 2012-12-13 16:39:29 -08:00
commit 23f2a7fc7e
2 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/ansible/module_common.py
View file

@ -275,6 +275,12 @@ class AnsibleModule(object):
group = str(gid)
return (user, group)
def set_default_selinux_context(self, path, changed):
if not HAVE_SELINUX or not self.selinux_enabled():
return changed
context = self.selinux_default_context(path)
return self.set_context_if_different(path, context, False)
def set_context_if_different(self, path, context, changed):
if not HAVE_SELINUX or not self.selinux_enabled():
@ -658,6 +664,10 @@ class AnsibleModule(object):
if self.selinux_enabled():
context = self.selinux_context(dest)
self.set_context_if_different(src, context, False)
else:
if self.selinux_enabled():
context = self.selinux_default_context(dest)
self.set_context_if_different(src, context, False)
os.rename(src, dest)
# == END DYNAMICALLY INSERTED CODE ===

4
library/authorized_key
View file

@ -97,6 +97,8 @@ def keyfile(module, user, write=False):
if not os.path.exists(sshdir):
os.mkdir(sshdir, 0700)
if module.selinux_enabled():
module.set_default_selinux_context(sshdir, False)
os.chown(sshdir, uid, gid)
os.chmod(sshdir, 0700)
@ -105,6 +107,8 @@ def keyfile(module, user, write=False):
f = open(keysfile, "w") #touches file so we can set ownership and perms
finally:
f.close()
if module.selinux_enabled():
module.set_default_selinux_context(keysfile, False)
os.chown(keysfile, uid, gid)
os.chmod(keysfile, 0600)