DHCP sandboxing failing on noexec mounted /var/tmp #521
If /var/tmp is mounted with the noexec option the DHCP sandboxing will fail with Permission Denied. This patch simply avoids this error by checking the exec permission and updating the dhcp path in the negative case.

rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1857309

Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Hello! Thank you for this proposed change to cloud-init. This pull request is now marked as stale as it has not seen any activity in 14 days. If no activity occurs within the next 7 days, this pull request will automatically close. If you are waiting for code review and you are seeing this message, apologies! Please reply, tagging mitechie, and he will ensure that someone takes a look soon. (If the pull request is closed, please do feel free to reopen it if you wish to continue working on it.)
TheRealFalcon
left a comment
Hey @otubo, thanks for the contribution. This looks good. One request is that you add a test for the changes. I've attached a patch you can use. If you incorporate this we should be able to get it merged right away.
smoser
left a comment
Less than ideal in that we copy the entire binary (~500k) here just to then throw it away in the case that we couldn't execute it.
But it's not significantly more hacky than the thing we're already working around (apparmor).
We really need a native python dhcp client.
Yes, this is the thing we came to in trying to find the "right" fix and that's too big of a scope for the moment.
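An added example, not code from this pull request or from cloud-init: one way to decide whether the sandbox directory can execute files before the binary is copied there, which is the cost raised in the review above. The mount table is constructed sample data, and `/sbin/dhclient`, the `cloud-init` subdirectory and both function names are assumptions made for illustration.

```python
import os

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/vda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/vda3 /var ext4 rw,relatime 0 0
/dev/vda4 /var/tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
"""


def mount_options(path, mounts_text):
    """Return the option set of the mount that contains `path`.

    The containing mount is the longest mount point that is a path prefix;
    when several entries share a mount point, the last one listed wins.
    """
    path = os.path.normpath(path)
    best, best_opts = "", set()
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # /proc/mounts escapes spaces in mount points as \040
        mnt = fields[1].replace("\\040", " ")
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) >= len(best):
            best, best_opts = mnt, set(fields[3].split(","))
    return best_opts


def choose_dhclient(dhclient_path, sandbox_dir, mounts_text):
    """Pick the binary to execute, deciding before any copy is made.

    Returns (path_to_exec, needs_copy).
    """
    if "noexec" in mount_options(sandbox_dir, mounts_text):
        # Sandbox copy could never run: fall back to the original binary.
        return dhclient_path, False
    return os.path.join(sandbox_dir, os.path.basename(dhclient_path)), True


if __name__ == "__main__":
    # Hypothetical paths; reads the live mount table on Linux.
    with open("/proc/mounts") as f:
        print(choose_dhclient("/sbin/dhclient", "/var/tmp/cloud-init", f.read()))
```

On a live Linux system, `os.statvfs(sandbox_dir).f_flag & os.ST_NOEXEC` answers the same question without parsing the mount table.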