cgwalters
commented
10 years ago Yep, I just commented to this effect on the last one =)
I can take care of doing the SELinux dance internally to run the scripts as unconfined_t, it's just a call to setexeccon().
(Ironically, the cloud-init support for SELinux is what pulls in the python SELinux bindings which pull in a lot of stuff...all just for what can be done directly in C)
cloud-init can do many fancy things, but most of them could be emulated by just running a shell script.
I do not propose that you implement the entire cloud-config syntax — or, in fact, any of it. However, if the userdata begins with
#!, execute it.See http://cloudinit.readthedocs.org/en/latest/topics/format.html#user-data-script
Note that this may require an update to selinux policy so that the script runs unconfined.