
On Tue, Apr 02, 2013 at 06:11:28PM -0400, Dan Walsh wrote:
This way we can share common methods between the ServiceContainer and the InteractiveContainer --- bin/virt-sandbox-service | 823 ++++++++++++++++++++++++++--------------------- 1 file changed, 450 insertions(+), 373 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 9f4941b..f4d0eff 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
@@ -58,56 +58,387 @@ def read_config(name):
return LibvirtSandbox.Config.load_from_path(get_config_path(name))
class Container:
+ DEFAULT_PATH = "/var/lib/libvirt/filesystems"
+ DEFAULT_IMAGE = "/var/lib/libvirt/images/%s.raw"
+ SELINUX_FILE_TYPE = "svirt_lxc_file_t"
+
+ def __init__(self, name=None, uri = "lxc:///", path = DEFAULT_PATH, config=None, create=False):
+ self.uri = uri
+ self.use_image = False
+ self.size = 10 * MB
+ self.path = path
+ self.config = None
+ if self.config:
+ self.name = self.config.get_name()
+ else:
+ self.name = name
+ self.dest = "%s/%s" % (self.path, self.name)
+ self.file_type = self.SELINUX_FILE_TYPE
+ self.conn = None
+ self.image = None
+ self.uid = 0
+
+ def get_file_type(self):
+ return self.file_type
+
+ def set_file_type(self, file_type):
+ self.file_type = file_type
+
+ def set_uid(self, uid):
+ self.uid = uid
+
+ def get_uid(self):
+ return self.uid
+
+ def get_config_path(self, name = None):
+ if not name:
+ name = self.name
+ return get_config_path(name)
+
+ def get_filesystem_path(self, name = None):
+ if not name:
+ name = self.get_name()
+ return self.DEFAULT_PATH + "/" + name
+
+ def get_image_path(self, name = None):
+ if not name:
+ name = self.get_name()
+ return self.DEFAULT_IMAGE % name
+
+ def set_image(self, size):
+ self.use_image = True
+ self.size = size * MB
+
+ def set_path(self, path):
+ self.path = path
+ self.dest = "%s/%s" % (self.path, self.name)
+
+ def get_name(self):
+ return self.name
+
+ def set_name(self, name):
+ if self.config:
+ raise ValueError([_("Cannot modify Name")])
+ self.name = name
+ self.dest = "%s/%s" % (self.path, self.name)
+
+ def set_security(self, val):
+ return self.config.set_security_opts(val)
+
+ def add_network(self, val):
+ return self.config.add_network_opts(val)
+
+ def get_security_dynamic(self):
+ return self.config.get_security_dynamic()
+
+ def get_security_type(self):
+ try:
+ if self.config:
+ con = self.config.get_security_label().split(':')
+ return con[2]
+ except:
+ pass
+ return "svirt_lxc_net_t"
+
+ def get_security_level(self):
+ try:
+ if self.config:
+ con = self.config.get_security_label().split(':')
+ return ":".join(con[3:])
+ except:
+ pass
+ return "s0"
+
+ def get_security_label(self):
+ return self.config.get_security_label()
+
+ def set_security_label(self):
+ if selinux is None:
+ return
+
+ if self.image or self.get_security_dynamic():
+ return
+
+ selabel = self.get_security_label()
+ if selabel is None:
+ raise ValueError([_("Missing security label configuration")])
+ parts = selabel.split(":")
+ selinux.chcon(self.dest, "system_u:object_r:%s:%s" % (
+ self.get_file_type(), ":".join(parts[3:])), True)
+
+ def set_security_type(self, security_type):
+ label = "system_u:system_r:%s:%s" % (security_type, self.get_security_level())
+ try:
+ selinux.security_check_context(label)
+ self.config.set_security_label(label)
+ except OSError, e:
+ raise OSError(_("Invalid Security Type %s: %s ") % (security_type, e))
+
+ def set_security_level(self, security_level):
+ label = "system_u:system_r:%s:%s" % (self.get_security_type(), security_level)
+ try:
+ selinux.security_check_context(label)
+ self.config.set_security_label(label)
+ except OSError, e:
+ raise OSError(_("Invalid Security Level %s: %s ") % (security_level, e))
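Review bot: `get_security_type()` and `get_security_level()` wrap the label parsing in a bare `except:` followed by `pass`, so any failure while reading or splitting the label silently yields the defaults `svirt_lxc_net_t` and `s0`. Because `set_security_type()` and `set_security_level()` rebuild the whole label from these getters, a parse failure would quietly replace the configured level with `s0`, which presumably drops the MCS categories that keep containers apart. Catching only the expected errors, e.g. `except (AttributeError, IndexError):`, and raising or logging on a malformed label would make that failure visible. Separately, `__init__` assigns `self.config = None` rather than `self.config = config`, so the `if self.config:` branch right after it can never run and the `config` argument is ignored in the visible lines. The hunk is quoted only in part, so later lines may touch either point.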
This patch seems to have had a bad merge. You're adding in new methods here, which don't exist in the code being removed later. These methods were things I deleted when removing SELinux-isms from this code.
@@ -491,10 +701,13 @@ PrivateNetwork=false
for f in self.BIND_SYSTEM_FILES:
self._makefile(f)
- shutil.copy(self.FUNCTIONS, "%s%s" % (self.dest, self.FUNCTIONS))
+ destpath = self.dest + self.SYSVINIT_PATH
+ for i in range(7):
+ os.mkdir(destpath+("/rc%s.d" % i))
+ os.mkdir(destpath+"/init.d")
This seems to be adding new functionality, not related to plain refactoring
+ shutil.copy(self.SYSVINIT_PATH + "/init.d/functions" , destpath + "/init.d")
self.gen_machine_id()
- self.gen_hostname()
for k in self.LOCAL_LINK_FILES:
Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|