cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Nalley" <da...@gnsa.us>
Subject Re: Review Request: CLOUDSTACK-3054 modify cloud-set-guest-sshkey.in initscript to handle SELinux configuration
Date Tue, 18 Jun 2013 14:42:23 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11934/#review22064
-----------------------------------------------------------

Ship it!


Thanks for the patch 

commit 025f682e93edd662a0867bebbfc089039922df86
Author: Ian Service <iservice@ts2.ca>
Date:   Tue Jun 18 10:39:31 2013 -0400

    CLOUDSTACK-3054 - Have ssh key initscript handle SELinux permissions

- David Nalley


On June 18, 2013, 2:41 p.m., Ian Service wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11934/
> -----------------------------------------------------------
> 
> (Updated June 18, 2013, 2:41 p.m.)
> 
> 
> Review request for cloudstack.
> 
> 
> Description
> -------
> 
> With SELinux enabled on a CentOS VM template the automatic creation process of ~/.ssh
and ~/.ssh/authorized_keys doesn't contain the metadata required for those files to be used
for public key authentication.  Running "restorecon -R -v ~/.ssh" restores the configuration
and allows public key authentication to function with SELinux in the enforcing state.
> 
> This patch checks for the existence of /sbin/restorecon when /etc/init.d/cloud-set-guest-sshkey.in
is run, after it would have updated the .ssh directory and if it exists it restores the configuration.
> 
> 
> Diffs
> -----
> 
>   setup/bindir/cloud-set-guest-sshkey.in 15008b8 
> 
> Diff: https://reviews.apache.org/r/11934/diff/
> 
> 
> Testing
> -------
> 
> Tested on latest CentOS 6.4 template.  Without this modification, machines generated
with with Cloudstack API's deployVirtualMachine and the keypair parameter which have SELinux
enabled still prompt for password even if the correct private key is supplied to SSH.  Once
this patch is applied those same VMs will allow login via public key.
> 
> 
> Thanks,
> 
> Ian Service
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message