As described in #53385 (and #31759), the docker connection driver did
not support privilege escalation. This commit is a shameless
cut-and-paste of the privilege escalation support from the `local`
connection plugin into the `docker` plugin.
This is a backport to stable-2.7 of #55816.
* sysctl will now return an error if the value is invalid
sysctl can fail to set a value even if it returns an exit status 0. More
details: https://bugzilla.redhat.com/show_bug.cgi?id=1264080. Because of
this in case of an invalid value or a read-only file system, sysctl
module would return OK, even though it didn't set anything. To be sure
that sysctl correctly applied the changes we also need to check the
output of stderr.
(cherry picked from commit 0432b7f2522dbf82c4fabdb3fd17f7ac83f34e62)
* Run sysctl with LANG=C
Because we are parsing sysctl stderr we need to make sure that errors
are persistent across different system language settings.
(cherry picked from commit a16128f778b1e7574c5986aed26e146ac0561533)
* Add changelog fragment for sysctl
(cherry picked from commit 3ad9d4d83c1d2bbfccefb8388904c596d98f8731)
Implement a new method for shadow file parsing so it can be subclassed..
(cherry picked from commit f27eccabbd)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* [stable-2.7] Move missing library abort to use rather than import for netconf (#55384).
(cherry picked from commit b442706b54)
Co-authored-by: Nathaniel Case <this.is@nathanielca.se>
* Add changelog
* missing_required_lib not in 2.7
* psrp - Fix raw and script tests for connection plugin
* Fix error propagation with raw in psrp
* uncomment test
(cherry picked from commit fdf9df89f5)
* nxos_interface:DI: delay only when operation state check is requested (#54862)
* nxos_interface:DI: should only use delay when operation state check is requested
There is a 10 second delay that is added for every interface that is changed.
This delay should only occur when a task sets one of the `want` vars.
* /return/continue/
(cherry picked from commit 0fe6bf911a)
* changelog
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Warn when log_options values are not strings.
* Add changelog.
* Improve message.
* Improve formatting and formulation of other messages.
* Add test for warning.
* Trying double escaping.
(cherry picked from commit d64b17731d)
* The Univention modules have a issue with an unassigned variable.
The variable diff is only assigned if state is 'present', else the
variable is unused. But the module will return the diff variable as a
return value. If the state isn't 'present' the module will fail with an
python UnboundLocalError exception.
(cherry picked from commit 26fa97922abb9bc197af5745e83c235c2d652116)
* Add a changelog fragment for PR 55083.
(cherry picked from commit b4ae654890a606bf5321c6b1a612d77de9ef47dd)
* Allow all of yum version compare operators
* * yum: name="foo >= VERSION" integration test
* changelog fragment
(cherry picked from commit 1532e31ec0)
* Correct behavior so that direction isn't required for default.
* Add more tests.
* 'disabled' values cannot be changed.
* Include 'not specified' in messages.
(cherry picked from commit 7d27348356)
* Performance fixes for net and org lookups
- Both methods had duplicate lookups
- This should significantly improve performance
- Currently untested
* Add ChangeLog file
* Change from bugfix to bugfixes and change indent
(cherry picked from commit c254b93796)
The controller's fixup_perms2 uses filesystem acls to make the temporary
file for copy readable by an unprivileged become user. On Python3, the
acls are then copied to the destination filename so we have to remove
them from there.
We can't remove them prior to the copy because we may not have
permission to read the file if the acls are not present. We can't
remove them in atomic_move() because the move function shouldn't know
anything about controller features. We may want to generalize this into
a helper function, though.
Fixes#44412
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit d15812fabf)
Fixes#53236
* If dispatch() rpc response has data element
return the xml string from `<data>` element
else return the complete xml string from
`<rpc-reply>`.
(cherry picked from commit aac5ef5e13e692c09bfd30772311733878b01035)
When using before and after in combination, the opposite behavior was induced. This PR makes the the replacement happen between the specified patterns as intended.
* Added integration tests
* Add changelog, porting guide entry, and minor doc fixes.
(cherry picked from commit cf69ec5db0)
Co-authored-by: Evan Kaufman <evan.kaufman@gmail.com>
* Catch all request timeouts for winrm connection
The current implementation only catches 'ConnectTimeout' exceptions.
Instead we should catch 'Timout' which also catches ReadTimeout
exceptions.
Improves on: #51744
Co-Authored-By: westphahl <westphahl@gmail.com>
* Changelog for winrm error handling improvement
* Fix Foreman returning host parameters
Foreman (1.20) returns the `all_parameters` key as a list of dicts, not a dict of key-value pairs.
* Fix for type error
The empty type here should be a dict, not a list as is has a `get` done
on it next.
(cherry picked from commit e94e80c79eab425637638205efa0eae368389dcd)
* Return dict directly to avoid failing key lookup
(cherry picked from commit 545b98645d04b2d26eb95354d8edf4d8e9d4e2a2)
* Add changelog fragment for #54333