Re: [libvirt] [sandbox PATCH 1/2] Add virt-sandbox -s inherit, to execute the sandbox from the parent.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/15/2013 04:48 AM, Daniel P. Berrange wrote: > On Tue, Aug 13, 2013 at 01:10:11PM -0400, Dan Walsh wrote: >> This will allow us to run sandbox as the calling process, If I am >> running a shell as staff_u:unconfined_r:unconfined_t:s0, and I execute >> virt-sandbox -c lxc/// -- /bin/sh >> >> /bin/sh will run as staff_u:unconfined_r:unconfined_t:s0 --- >> bin/virt-sandbox-service.pod | 6 +++++- bin/virt-sandbox.c >> | 9 ++++++++- configure.ac | 1 + >> libvirt-sandbox.spec.in | 1 + >> libvirt-sandbox/Makefile.am | 2 ++ >> libvirt-sandbox/libvirt-sandbox-config.c | 14 ++++++++++++++ >> m4/virt-selinux.m4 | 11 +++++++++++ 7 files >> changed, 42 insertions(+), 2 deletions(-) create mode 100644 >> m4/virt-selinux.m4 > > You've taken what was previously 3 separate patches fixing 3 separate bugs, > and merged them into one giant patch. This is really bad - separate > functional fixes must always be kept as separate patches. > > The actual changes look good, but please split it back up into 3 separate > patches & repost. > > Daniel > Not quite sure what you are talking about, I sent two patches, the inherit patch included some fixes to the virt-sandbox-service.pod, which I will split out.