summaryrefslogtreecommitdiffstats
path: root/src/lib/Bcfg2/Client/Tools/POSIX
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/Bcfg2/Client/Tools/POSIX')
-rw-r--r--src/lib/Bcfg2/Client/Tools/POSIX/Augeas.py38
-rw-r--r--src/lib/Bcfg2/Client/Tools/POSIX/Device.py4
-rw-r--r--src/lib/Bcfg2/Client/Tools/POSIX/File.py20
-rw-r--r--src/lib/Bcfg2/Client/Tools/POSIX/__init__.py2
-rw-r--r--src/lib/Bcfg2/Client/Tools/POSIX/base.py69
5 files changed, 71 insertions, 62 deletions
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/Augeas.py b/src/lib/Bcfg2/Client/Tools/POSIX/Augeas.py
index fc4e16904..bcd695058 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/Augeas.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/Augeas.py
@@ -5,15 +5,16 @@ import Bcfg2.Client.XML
from augeas import Augeas
from Bcfg2.Client.Tools.POSIX.base import POSIXTool
from Bcfg2.Client.Tools.POSIX.File import POSIXFile
+from Bcfg2.Compat import all # pylint: disable=W0622
class AugeasCommand(object):
""" Base class for all Augeas command objects """
- def __init__(self, command, augeas_obj, logger):
+ def __init__(self, entry, command, augeas_obj, logger):
self._augeas = augeas_obj
self.command = command
- self.entry = self.command.getparent()
+ self.entry = entry
self.logger = logger
def get_path(self, attr="path"):
@@ -115,8 +116,8 @@ class Remove(AugeasCommand):
class Move(AugeasCommand):
""" Augeas ``move`` command """
- def __init__(self, command, augeas_obj, logger):
- AugeasCommand.__init__(self, command, augeas_obj, logger)
+ def __init__(self, entry, command, augeas_obj, logger):
+ AugeasCommand.__init__(self, entry, command, augeas_obj, logger)
self.source = self.get_path("source")
self.dest = self.get_path("destination")
@@ -131,8 +132,8 @@ class Move(AugeasCommand):
class Set(AugeasCommand):
""" Augeas ``set`` command """
- def __init__(self, command, augeas_obj, logger):
- AugeasCommand.__init__(self, command, augeas_obj, logger)
+ def __init__(self, entry, command, augeas_obj, logger):
+ AugeasCommand.__init__(self, entry, command, augeas_obj, logger)
self.value = self.command.get("value")
def verify(self):
@@ -146,15 +147,15 @@ class Set(AugeasCommand):
class Clear(Set):
""" Augeas ``clear`` command """
- def __init__(self, command, augeas_obj, logger):
- Set.__init__(self, command, augeas_obj, logger)
+ def __init__(self, entry, command, augeas_obj, logger):
+ Set.__init__(self, entry, command, augeas_obj, logger)
self.value = None
class SetMulti(AugeasCommand):
""" Augeas ``setm`` command """
- def __init__(self, command, augeas_obj, logger):
- AugeasCommand.__init__(self, command, augeas_obj, logger)
+ def __init__(self, entry, command, augeas_obj, logger):
+ AugeasCommand.__init__(self, entry, command, augeas_obj, logger)
self.sub = self.command.get("sub")
self.value = self.command.get("value")
self.base = self.get_path("base")
@@ -170,8 +171,8 @@ class SetMulti(AugeasCommand):
class Insert(AugeasCommand):
""" Augeas ``ins`` command """
- def __init__(self, command, augeas_obj, logger):
- AugeasCommand.__init__(self, command, augeas_obj, logger)
+ def __init__(self, entry, command, augeas_obj, logger):
+ AugeasCommand.__init__(self, entry, command, augeas_obj, logger)
self.label = self.command.get("label")
self.where = self.command.get("where", "before")
self.before = self.where == "before"
@@ -230,11 +231,12 @@ class POSIXAugeas(POSIXTool):
objects representing the commands.
"""
rv = []
- for cmd in entry.iterchildren():
+ for cmd in entry:
if cmd.tag == "Initial":
continue
if cmd.tag in globals():
- rv.append(globals()[cmd.tag](cmd, self.get_augeas(entry),
+ rv.append(globals()[cmd.tag](entry, cmd,
+ self.get_augeas(entry),
self.logger))
else:
err = "Augeas: Unknown command %s in %s" % (cmd.tag,
@@ -248,8 +250,8 @@ class POSIXAugeas(POSIXTool):
for cmd in self.get_commands(entry):
try:
if not cmd.verify():
- err = "Augeas: Command has not been applied to %s: %s" % \
- (entry.get("name"), cmd)
+ err = ("Augeas: Command has not been applied to %s: %s" %
+ (entry.get("name"), cmd))
self.logger.debug(err)
entry.set('qtext', "\n".join([entry.get('qtext', ''),
err]))
@@ -258,8 +260,8 @@ class POSIXAugeas(POSIXTool):
else:
cmd.command.set("verified", "true")
except: # pylint: disable=W0702
- err = "Augeas: Unexpected error verifying %s: %s: %s" % \
- (entry.get("name"), cmd, sys.exc_info()[1])
+ err = ("Augeas: Unexpected error verifying %s: %s: %s" %
+ (entry.get("name"), cmd, sys.exc_info()[1]))
self.logger.error(err)
entry.set('qtext', "\n".join([entry.get('qtext', ''), err]))
rv = False
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/Device.py b/src/lib/Bcfg2/Client/Tools/POSIX/Device.py
index 6237ccce2..e90ecd384 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/Device.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/Device.py
@@ -1,4 +1,4 @@
-""" Handle <Path type='nonexistent' ...> entries """
+""" Handle <Path type='device' ...> entries """
import os
import sys
@@ -6,7 +6,7 @@ from Bcfg2.Client.Tools.POSIX.base import POSIXTool, device_map
class POSIXDevice(POSIXTool):
- """ Handle <Path type='nonexistent' ...> entries """
+ """ Handle <Path type='device' ...> entries """
__req__ = ['name', 'dev_type', 'mode', 'owner', 'group']
def fully_specified(self, entry):
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/File.py b/src/lib/Bcfg2/Client/Tools/POSIX/File.py
index fc445e07c..1f1772d46 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/File.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/File.py
@@ -8,6 +8,7 @@ import tempfile
import Bcfg2.Options
from Bcfg2.Client.Tools.POSIX.base import POSIXTool
from Bcfg2.Compat import unicode, b64encode, b64decode # pylint: disable=W0622
+import Bcfg2.Utils
class POSIXFile(POSIXTool):
@@ -17,21 +18,6 @@ class POSIXFile(POSIXTool):
def fully_specified(self, entry):
return entry.text is not None or entry.get('empty', 'false') == 'true'
- def _is_string(self, strng, encoding):
- """ Returns true if the string contains no ASCII control
- characters and can be decoded from the specified encoding. """
- for char in strng:
- if ord(char) < 9 or ord(char) > 13 and ord(char) < 32:
- return False
- if not hasattr(strng, "decode"):
- # py3k
- return True
- try:
- strng.decode(encoding)
- return True
- except: # pylint: disable=W0702
- return False
-
def _get_data(self, entry):
""" Get a tuple of (<file data>, <is binary>) for the given entry """
is_binary = entry.get('encoding', 'ascii') == 'base64'
@@ -181,8 +167,8 @@ class POSIXFile(POSIXTool):
(entry.get("name"), sys.exc_info()[1]))
return False
if not is_binary:
- is_binary |= not self._is_string(content,
- Bcfg2.Options.setup.encoding)
+ is_binary |= not Bcfg2.Utils.is_string(
+ content, Bcfg2.Options.setup.encoding)
if is_binary:
# don't compute diffs if the file is binary
prompt.append('Binary file, no printable diff')
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py b/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py
index c27c7559d..41bff751d 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py
@@ -14,7 +14,7 @@ from Bcfg2.Client.Tools.POSIX.base import POSIXTool
class POSIX(Bcfg2.Client.Tools.Tool):
"""POSIX File support code."""
- options = Bcfg2.Client.Tools.Tool.options + [
+ options = Bcfg2.Client.Tools.Tool.options + POSIXTool.options + [
Bcfg2.Options.PathOption(
cf=('paranoid', 'path'), default='/var/cache/bcfg2',
dest='paranoid_path',
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/base.py b/src/lib/Bcfg2/Client/Tools/POSIX/base.py
index 8895eaae1..ffa527cd6 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/base.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/base.py
@@ -6,9 +6,11 @@ import pwd
import grp
import stat
import copy
+import errno
import shutil
import Bcfg2.Client.Tools
import Bcfg2.Client.XML
+import Bcfg2.Options
from Bcfg2.Compat import oct_mode
try:
@@ -37,6 +39,22 @@ device_map = dict(block=stat.S_IFBLK, # pylint: disable=C0103
class POSIXTool(Bcfg2.Client.Tools.Tool):
""" Base class for tools that handle POSIX (Path) entries """
+
+ options = [
+ Bcfg2.Options.Option(
+ cf=('POSIX', 'secontext_ignore'),
+ default=['anon_inodefs_t', 'bdev_t', 'binfmt_misc_fs_t',
+ 'capifs_t', 'configfs_t', 'cpusetfs_t', 'ecryptfs_t',
+ 'eventpollfs_t', 'futexfs_t', 'hugetlbfs_t', 'ibmasmfs_t',
+ 'inotifyfs_t', 'mvfs_t', 'nfsd_fs_t', 'oprofilefs_t',
+ 'ramfs_t', 'romfs_t', 'rpc_pipefs_t', 'spufs_t',
+ 'squash_t', 'vmblock_t', 'vxfs_t', 'xenfs_t', 'autofs_t',
+ 'cifs_t', 'dosfs_t', 'fusefs_t', 'iso9660_t',
+ 'removable_t', 'nfs_t'],
+ help='secontext types to ignore labeling errors',
+ type=Bcfg2.Options.Types.colon_list)
+ ]
+
def fully_specified(self, entry): # pylint: disable=W0613
""" return True if the entry is fully specified """
# checking is done by __req__
@@ -112,14 +130,14 @@ class POSIXTool(Bcfg2.Client.Tools.Tool):
% (path,
self._norm_entry_uid(entry),
self._norm_entry_gid(entry)))
- os.chown(path, self._norm_entry_uid(entry),
- self._norm_entry_gid(entry))
+ os.lchown(path, self._norm_entry_uid(entry),
+ self._norm_entry_gid(entry))
except (OSError, KeyError):
self.logger.error('POSIX: Failed to change ownership of %s'
% path)
rv = False
if sys.exc_info()[0] == KeyError:
- os.chown(path, 0, 0)
+ os.lchown(path, 0, 0)
else:
self.logger.debug("POSIX: Run as non-root, not setting ownership")
@@ -272,7 +290,7 @@ class POSIXTool(Bcfg2.Client.Tools.Tool):
rv &= self._apply_acl(defacl, path, posix1e.ACL_TYPE_DEFAULT)
return rv
- def _set_secontext(self, entry, path=None):
+ def _set_secontext(self, entry, path=None): # pylint: disable=R0911
""" set the SELinux context of the file on disk according to the
config"""
if not HAS_SELINUX:
@@ -284,25 +302,28 @@ class POSIXTool(Bcfg2.Client.Tools.Tool):
if not context:
# no context listed
return True
-
- if context == '__default__':
- try:
+ secontext = selinux.lgetfilecon(path)[1].split(":")[2]
+ if secontext in Bcfg2.Options.setup.secontext_ignore:
+ return True
+ try:
+ if context == '__default__':
selinux.restorecon(path)
- rv = True
- except OSError:
- err = sys.exc_info()[1]
- self.logger.error("POSIX: Failed to restore SELinux context "
- "for %s: %s" % (path, err))
- rv = False
- else:
- try:
- rv = selinux.lsetfilecon(path, context) == 0
- except OSError:
- err = sys.exc_info()[1]
- self.logger.error("POSIX: Failed to restore SELinux context "
- "for %s: %s" % (path, err))
- rv = False
- return rv
+ return True
+ else:
+ return selinux.lsetfilecon(path, context) == 0
+ except OSError:
+ err = sys.exc_info()[1]
+ if err.errno == errno.EOPNOTSUPP:
+ # Operation not supported
+ if context != '__default__':
+ self.logger.debug("POSIX: Failed to set SELinux context "
+ "for %s: %s" % (path, err))
+ return False
+ return True
+ err = sys.exc_info()[1]
+ self.logger.error("POSIX: Failed to set or restore SELinux "
+ "context for %s: %s" % (path, err))
+ return False
def _norm_gid(self, gid):
""" This takes a group name or gid and returns the
@@ -541,8 +562,8 @@ class POSIXTool(Bcfg2.Client.Tools.Tool):
except OSError:
errors.append("%s has no default SELinux context" %
entry.get("name"))
- else:
- wanted_secontext = entry.get("secontext")
+ elif entry.get("secontext"):
+ wanted_secontext = entry.get("secontext").split(":")[2]
if (wanted_secontext and
attrib['current_secontext'] != wanted_secontext):
errors.append("SELinux context for path %s is incorrect. "
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-07-09 15:23:11 +0000