File baf47f5b-service-check-secmodel.patch of Package virt-sandbox

Overview Repositories Revisions Requests Users Attributes Meta

File baf47f5b-service-check-secmodel.patch of Package virt-sandbox

From baf47f5b85628b6245d0514c93b451bfac726537 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Mon, 7 Jul 2014 13:56:31 +0200
Subject: [PATCH] virt-sandbox-service: check for security label only if they
 can be handled

virt-sandbox-service assumes libvirt has selinux security model...
which is not necessarily the case. If no security model is defined,
then don't check for dynamic labels.
---
 bin/virt-sandbox-service | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 9ed37e0..789c732 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
@@ -314,10 +314,32 @@ class Container:
         context = self.context()
         context.undefine()
 
+    def get_security_model(self):
+        # XXX selinux is the default for the while, needs to be configurable someday
+        model = "selinux"
+        supported = False
+
+        # Make sure we have a connection
+        self.connect()
+
+        # Loop over the security models from the host capabilities
+        configCaps = self.conn.get_capabilities()
+        hostCaps = configCaps.get_host()
+        secmodels = hostCaps.get_secmodels()
+        for secmodel in secmodels:
+            if secmodel.get_model() == model:
+                supported = True
+                break
+
+        if not supported:
+            model = None
+        return model
+
 
     def create(self):
         self.connect()
-        if self.config.get_security_dynamic() and not self.use_image:
+        if self.get_security_model() is not None and \
+           self.config.get_security_dynamic() and not self.use_image:
             raise ValueError([_("Dynamic security label only supported for image based containers")])
         if self.uri != "lxc:///":
             self.config.set_shell(True)
-- 
1.8.4.5

Places

File baf47f5b-service-check-secmodel.patch of Package virt-sandbox

Places