65598582f5
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=179
35 lines
1.1 KiB
Diff
35 lines
1.1 KiB
Diff
From d9618fed8ff241c6f127f08ec59fea9c8b8e12a6 Mon Sep 17 00:00:00 2001
|
|
From: Alberto Planas <aplanas@suse.com>
|
|
Date: Tue, 27 Oct 2020 13:16:37 +0100
|
|
Subject: [PATCH] grains: master can read grains
|
|
|
|
---
|
|
salt/grains/extra.py | 10 ++++++++--
|
|
1 file changed, 8 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/salt/grains/extra.py b/salt/grains/extra.py
|
|
index d25faac3b7..7729a5c0a5 100644
|
|
--- a/salt/grains/extra.py
|
|
+++ b/salt/grains/extra.py
|
|
@@ -76,8 +76,14 @@ def __secure_boot():
|
|
enabled = False
|
|
sboot = glob.glob("/sys/firmware/efi/vars/SecureBoot-*/data")
|
|
if len(sboot) == 1:
|
|
- with salt.utils.files.fopen(sboot[0], "rb") as fd:
|
|
- enabled = fd.read()[-1:] == b"\x01"
|
|
+ # The minion is usually running as a privileged user, but is
|
|
+ # not the case for the master. Seems that the master can also
|
|
+ # pick the grains, and this file can only be readed by "root"
|
|
+ try:
|
|
+ with salt.utils.files.fopen(sboot[0], "rb") as fd:
|
|
+ enabled = fd.read()[-1:] == b"\x01"
|
|
+ except PermissionError:
|
|
+ pass
|
|
return enabled
|
|
|
|
|
|
--
|
|
2.29.2
|
|
|
|
|