
On Tue, Mar 12, 2013 at 01:06:59PM -0600, Eric Blake wrote:
On 03/12/2013 11:28 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
Add a new virDomainLxcEnterSecurityLabel() function as a counterpart to virDomainLxcEnterNamespaces(), which can change the current calling process to have a new security context. This call runs client side, not in libvirtd, so we can't use the security driver infrastructure.
When entering a namespace, the process spawned from virsh will default to running with the security label of virsh. The actual desired behaviour is to run with the security label of the container most of the time. So this changes the virsh lxc-enter-namespace command to invoke the virDomainLxcEnterSecurityLabel method.
 include/libvirt/libvirt-lxc.h |  4 ++
 python/generator.py           |  1 +
 src/libvirt-lxc.c             | 96 +++++++++++++++++++++++++++++++++++++++++++
 tools/virsh-domain.c          | 32 +++++++++++++++
 4 files changed, 133 insertions(+)
Missing an entry in src/libvirt_lxc.syms to actually expose the new function in the .so.
Applying the following: diff --git a/src/libvirt_lxc.syms b/src/libvirt_lxc.syms index b5be18b..ccf1be9 100644 --- a/src/libvirt_lxc.syms +++ b/src/libvirt_lxc.syms @@ -15,3 +15,8 @@ LIBVIRT_LXC_1.0.2 { virDomainLxcEnterNamespace; virDomainLxcOpenNamespace; }; + +LIBVIRT_LXC_1.0.4 { + global: + virDomainLxcEnterSecurityLabel; +} LIBVIRT_LXC_1.0.2; Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
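Review bot: the version tag on the new LIBVIRT_LXC_1.0.4 node should be checked against the release that virDomainLxcEnterSecurityLabel actually ships in before this is pushed, because a symbol version node cannot be renamed after a release without breaking clients already linked against it. The hunk is also worth squashing into the original patch, whose diffstat lists four files and does not include src/libvirt_lxc.syms. While respinning, note that the commit message refers to virDomainLxcEnterNamespaces() whereas the symbol exported in the context lines of this hunk is virDomainLxcEnterNamespace.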