[libvirt] [PATCH] Detect location fo selinux mount point
- First Post
- Replies
- Stats
-
Go to
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
From: "Daniel P. Berrange" <berrange(a)redhat.com>
The SELinux mount point moved from /selinux to /sys/fs/selinux
when systemd came along.
* configure.ac: Probe for SELinux mount point
* src/lxc/lxc_container.c: Use SELinux mount point determined
by configure.ac
---
configure.ac | 19 ++++++++++++++++++-
src/lxc/lxc_container.c | 6 ++++--
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index d624ef2..c1f9f45 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1238,6 +1238,10 @@ AC_ARG_WITH([selinux],
AC_HELP_STRING([--with-selinux], [use SELinux to manage security
@<:@default=check@:>@]),
[],
[with_selinux=check])
+AC_ARG_WITH([selinux_mount],
+ AC_HELP_STRING([--with-selinux-mount], [set SELinux mount point
@<:@default=check@:>@]),
+ [],
+ [with_selinux_mount=check])
SELINUX_CFLAGS=
SELINUX_LIBS=
@@ -1261,7 +1265,20 @@ if test "$with_selinux" != "no"; then
LIBS="$old_libs"
fi
if test "$with_selinux" = "yes"; then
+ AC_MSG_CHECKING([SELinux mount point])
+ if test "$with_selinux_mount" = "check" || test -z
"$with_selinux_mount"; then
+ if test -d /sys/fs/selinux ; then
+ SELINUX_MOUNT=/sys/fs/selinux
+ else
+ SELINUX_MOUNT=/selinux
+ fi
+ else
+ SELINUX_MOUNT=$with_selinux_mount
+ fi
+ AC_MSG_RESULT([$SELINUX_MOUNT])
+
SELINUX_LIBS="-lselinux"
+ AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount
point])
AC_DEFINE_UNQUOTED([HAVE_SELINUX], 1, [whether basic SELinux functionality is
available])
dnl We prefer to use <selinux/label.h> and selabel_open, but can fall
dnl back to matchpathcon for the sake of RHEL 5's version of libselinux.
@@ -2640,7 +2657,7 @@ AC_MSG_NOTICE([ Disk: $with_storage_disk])
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Security Drivers])
AC_MSG_NOTICE([])
-AC_MSG_NOTICE([ SELinux: $with_secdriver_selinux])
+AC_MSG_NOTICE([ SELinux: $with_secdriver_selinux ($SELINUX_MOUNT)])
AC_MSG_NOTICE([AppArmor: $with_secdriver_apparmor])
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Driver Loadable Modules])
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 267fbfb..bb64b60 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -444,8 +444,10 @@ static int lxcContainerMountBasicFS(const char *srcprefix, bool
pivotRoot)
{ false, "/proc/sys", "/proc/sys", NULL, NULL,
MS_BIND|MS_REMOUNT|MS_RDONLY },
{ true, "/sys", "/sys", NULL, NULL, MS_BIND },
{ true, "/sys", "/sys", NULL, NULL,
MS_BIND|MS_REMOUNT|MS_RDONLY },
- { true, "/selinux", "/selinux", NULL, NULL, MS_BIND },
- { true, "/selinux", "/selinux", NULL, NULL,
MS_BIND|MS_REMOUNT|MS_RDONLY },
+#if HAVE_SELINUX
+ { true, SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND },
+ { true, SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY
},
+#endif
};
int i, rc = -1;
char *opts = NULL;
--
1.7.7.6
On 03/26/2012 09:40 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange(a)redhat.com>
The SELinux mount point moved from /selinux to /sys/fs/selinux
when systemd came along.
* configure.ac: Probe for SELinux mount point
* src/lxc/lxc_container.c: Use SELinux mount point determined
by configure.ac
---
configure.ac | 19 ++++++++++++++++++-
src/lxc/lxc_container.c | 6 ++++--
2 files changed, 22 insertions(+), 3 deletions(-)
ACK.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
4654
days inactive
4654
days old
1 comments
2 participants
tags (0)
participants (2)
-
Daniel P. Berrange -
Eric Blake