----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/11934/#review22064 -----------------------------------------------------------
Ship it! Thanks for the patch commit 025f682e93edd662a0867bebbfc089039922df86 Author: Ian Service <[email protected]> Date: Tue Jun 18 10:39:31 2013 -0400 CLOUDSTACK-3054 - Have ssh key initscript handle SELinux permissions - David Nalley On June 18, 2013, 2:41 p.m., Ian Service wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/11934/ > ----------------------------------------------------------- > > (Updated June 18, 2013, 2:41 p.m.) > > > Review request for cloudstack. > > > Description > ------- > > With SELinux enabled on a CentOS VM template the automatic creation process > of ~/.ssh and ~/.ssh/authorized_keys doesn't contain the metadata required > for those files to be used for public key authentication. Running > "restorecon -R -v ~/.ssh" restores the configuration and allows public key > authentication to function with SELinux in the enforcing state. > > This patch checks for the existence of /sbin/restorecon when > /etc/init.d/cloud-set-guest-sshkey.in is run, after it would have updated the > .ssh directory and if it exists it restores the configuration. > > > Diffs > ----- > > setup/bindir/cloud-set-guest-sshkey.in 15008b8 > > Diff: https://reviews.apache.org/r/11934/diff/ > > > Testing > ------- > > Tested on latest CentOS 6.4 template. Without this modification, machines > generated with with Cloudstack API's deployVirtualMachine and the keypair > parameter which have SELinux enabled still prompt for password even if the > correct private key is supplied to SSH. Once this patch is applied those > same VMs will allow login via public key. > > > Thanks, > > Ian Service > >
