DHCP sandboxing failing on noexec mounted /var/tmp #521
Conversation
If /var/tmp is mounted with noexec option the DHCP sandboxing will fail with Permission Denied. This patch simply avoids this error by checking the exec permission updating the dhcp path in negative case. rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1857309 Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
Hello! Thank you for this proposed change to cloud-init. This pull request is now marked as stale as it has not seen any activity in 14 days. If no activity occurs within the next 7 days, this pull request will automatically close. If you are waiting for code review and you are seeing this message, apologies! Please reply, tagging mitechie, and he will ensure that someone takes a look soon. (If the pull request is closed, please do feel free to reopen it if you wish to continue working on it.) |
github-actions
bot
added
the
stale-pr
There was a problem hiding this comment.
Hey @otubo , thanks for contribution. This looks good. One request is that you add a test for the changes. I've attached a patch you can use. If you incorporate this we should be able to get it merged right away.
TheRealFalcon
removed
the
stale-pr
There was a problem hiding this comment.
less than ideal in that we copy the entire binary (~500k) here just to then throw it away in the case that we couldn't execute it.
But its not significantly more hacky than the thing we're already working around (apparmor).
we really need native python dhcp client.
Yes, this is the thing we came to in trying to find the "right" fix and that's too big of a scope for the moment. |
If /var/tmp is mounted with noexec option the DHCP sandboxing will fail
with Permission Denied. This patch simply avoids this error by checking
the exec permission updating the dhcp path in negative case.
rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1857309
Signed-off-by: Eduardo Otubo otubo@redhat.com