cloudstack-dev mailing list archives

From "David Nalley" <da...@gnsa.us>
Subject Re: Review Request: modify cloud-set-guest-sshkey.in initscript to handle SELinux configuration
Date Tue, 18 Jun 2013 13:58:03 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11934/#review22060
-----------------------------------------------------------


Would you mind creating a bug for this?

--David

- David Nalley


On June 18, 2013, 1:53 p.m., Ian Service wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11934/
> -----------------------------------------------------------
> 
> (Updated June 18, 2013, 1:53 p.m.)
> 
> 
> Review request for cloudstack.
> 
> 
> Description
> -------
> 
> With SELinux enabled on a CentOS VM template the automatic creation process of ~/.ssh
> and ~/.ssh/authorized_keys doesn't contain the metadata required for those files to be used
> for public key authentication.  Running "restorecon -R -v ~/.ssh" restores the configuration
> and allows public key authentication to function with SELinux in the enforcing state.
> 
> This patch checks for the existence of /sbin/restorecon when /etc/init.d/cloud-set-guest-sshkey.in
> is run, after it would have updated the .ssh directory and if it exists it restores the configuration.
> 
> 
> Diffs
> -----
> 
>   setup/bindir/cloud-set-guest-sshkey.in 15008b8 
> 
> Diff: https://reviews.apache.org/r/11934/diff/
> 
> 
> Testing
> -------
> 
> Tested on latest CentOS 6.4 template.  Without this modification, machines generated
> with Cloudstack API's deployVirtualMachine and the keypair parameter which have SELinux
> enabled still prompt for password even if the correct private key is supplied to SSH.  Once
> this patch is applied those same VMs will allow login via public key.
> 
> 
> Thanks,
> 
> Ian Service
> 
>
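
The approach described in the review request (write the key, then relabel `.ssh` only when `/sbin/restorecon` exists), as an added example that is not part of the thread or of the CloudStack script. The function name `install_guest_sshkey`, its arguments, the optional third argument that overrides the `restorecon` path, and the append-if-missing behaviour are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the CloudStack init script. install_guest_sshkey and
# its arguments are hypothetical names used for illustration.
#
# install_guest_sshkey HOME_DIR PUBLIC_KEY [RESTORECON_PATH]
# Prints "relabeled" or "skipped" on stdout; returns non-zero on error.
install_guest_sshkey() {
    home_dir=$1
    public_key=$2
    restorecon_bin=${3:-/sbin/restorecon}   # path named in the review request
    ssh_dir=$home_dir/.ssh
    keys_file=$ssh_dir/authorized_keys

    [ -d "$home_dir" ] || { echo "no such home: $home_dir" >&2; return 1; }
    [ -n "$public_key" ] || { echo "empty public key" >&2; return 1; }

    # sshd (StrictModes) rejects keys when these are group/world writable.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$keys_file" || return 1

    # Append only if this exact line is absent, so reruns do not duplicate it.
    if ! grep -qxF -- "$public_key" "$keys_file"; then
        printf '%s\n' "$public_key" >> "$keys_file" || return 1
    fi
    chmod 600 "$keys_file" || return 1

    # Relabel after writing, so both the directory and the key file get the
    # SELinux context that public key authentication needs in enforcing mode.
    # restorecon's own verbose output goes to stderr to keep stdout clean.
    if [ -x "$restorecon_bin" ]; then
        "$restorecon_bin" -R -v "$ssh_dir" >&2 || return 1
        echo relabeled
    else
        # No SELinux tooling on this template: nothing to restore.
        echo skipped
    fi
}
```

On a guest, `ls -Z ~/.ssh/authorized_keys` before and after the call shows whether the label changed.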

