ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

Merge pull request #14910 from mattclay/libvirt-no-selinux

Browse source 
Add noseclabel support to libvirt_lxc plugin.
This commit is contained in:
Matt Davis 2016-03-11 00:24:05 +00:00
commit 32a1662ad0
4 changed files with 21 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
docsite/rst/intro_configuration.rst
View file

@ -952,6 +952,17 @@ The default list is: nfs,vboxsf,fuse,ramfs::
special_context_filesystems = nfs,vboxsf,fuse,ramfs,myspecialfs special_context_filesystems = nfs,vboxsf,fuse,ramfs,myspecialfs
libvirt_lxc_noseclabel
======================
.. versionadded:: 2.1
This setting causes libvirt to connect to lxc containers by passing --noseclabel to virsh.
This is necessary when running on systems which do not have SELinux.
The default behavior is no::
libvirt_lxc_noseclabel = True
Galaxy Settings Galaxy Settings
--------------- ---------------

3
examples/ansible.cfg
View file

@ -278,6 +278,9 @@
# needs to be changed to use the file system dependent context. # needs to be changed to use the file system dependent context.
#special_context_filesystems=nfs,vboxsf,fuse,ramfs #special_context_filesystems=nfs,vboxsf,fuse,ramfs
# Set this to yes to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = yes
[colors] [colors]
#higlight = white #higlight = white
#verbose = blue #verbose = blue

1
lib/ansible/constants.py
View file

@ -167,6 +167,7 @@ DEFAULT_NO_TARGET_SYSLOG = get_config(p, DEFAULTS, 'no_target_syslog', 'ANSIBL
# selinux # selinux
DEFAULT_SELINUX_SPECIAL_FS = get_config(p, 'selinux', 'special_context_filesystems', None, 'fuse, nfs, vboxsf, ramfs', islist=True) DEFAULT_SELINUX_SPECIAL_FS = get_config(p, 'selinux', 'special_context_filesystems', None, 'fuse, nfs, vboxsf, ramfs', islist=True)
DEFAULT_LIBVIRT_LXC_NOSECLABEL = get_config(p, 'selinux', 'libvirt_lxc_noseclabel', 'LIBVIRT_LXC_NOSECLABEL', False, boolean=True)
### PRIVILEGE ESCALATION ### ### PRIVILEGE ESCALATION ###
# Backwards Compat # Backwards Compat

7
lib/ansible/plugins/connection/libvirt_lxc.py
View file

@ -88,7 +88,12 @@ class Connection(ConnectionBase):
return the process's exit code immediately. return the process's exit code immediately.
''' '''
executable = C.DEFAULT_EXECUTABLE.split()[0] if C.DEFAULT_EXECUTABLE else '/bin/sh' executable = C.DEFAULT_EXECUTABLE.split()[0] if C.DEFAULT_EXECUTABLE else '/bin/sh'
local_cmd = [self.virsh, '-q', '-c', 'lxc:///', 'lxc-enter-namespace', self.lxc, '--', executable , '-c', cmd] local_cmd = [self.virsh, '-q', '-c', 'lxc:///', 'lxc-enter-namespace']
if C.DEFAULT_LIBVIRT_LXC_NOSECLABEL:
local_cmd += ['--noseclabel']
local_cmd += [self.lxc, '--', executable, '-c', cmd]
display.vvv("EXEC %s" % (local_cmd,), host=self.lxc) display.vvv("EXEC %s" % (local_cmd,), host=self.lxc)
local_cmd = [to_bytes(i, errors='strict') for i in local_cmd] local_cmd = [to_bytes(i, errors='strict') for i in local_cmd]