Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:GA
virt-sandbox
baf47f5b-service-check-secmodel.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File baf47f5b-service-check-secmodel.patch of Package virt-sandbox
From baf47f5b85628b6245d0514c93b451bfac726537 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com> Date: Mon, 7 Jul 2014 13:56:31 +0200 Subject: [PATCH] virt-sandbox-service: check for security label only if they can be handled virt-sandbox-service assumes libvirt has selinux security model... which is not necessarily the case. If no security model is defined, then don't check for dynamic labels. --- bin/virt-sandbox-service | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service index 9ed37e0..789c732 100755 --- a/bin/virt-sandbox-service +++ b/bin/virt-sandbox-service @@ -314,10 +314,32 @@ class Container: context = self.context() context.undefine() + def get_security_model(self): + # XXX selinux is the default for the while, needs to be configurable someday + model = "selinux" + supported = False + + # Make sure we have a connection + self.connect() + + # Loop over the security models from the host capabilities + configCaps = self.conn.get_capabilities() + hostCaps = configCaps.get_host() + secmodels = hostCaps.get_secmodels() + for secmodel in secmodels: + if secmodel.get_model() == model: + supported = True + break + + if not supported: + model = None + return model + def create(self): self.connect() - if self.config.get_security_dynamic() and not self.use_image: + if self.get_security_model() is not None and \ + self.config.get_security_dynamic() and not self.use_image: raise ValueError([_("Dynamic security label only supported for image based containers")]) if self.uri != "lxc:///": self.config.set_shell(True) -- 1.8.4.5
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor