Re: [PATCH] Support NetWare PV installs


 




This patch allows a seclabel to be created in the XML.
diff -r 143cad71a2a6 virtinst/Guest.py
--- a/virtinst/Guest.py	Mon Mar 09 23:31:51 2009 -0400
+++ b/virtinst/Guest.py	Wed Mar 18 11:26:04 2009 -0400
@@ -32,7 +32,7 @@
 from virtinst import _virtinst as _
 import logging
 import signal
-
+import selinux
 
 class Guest(object):
 
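Review bot: The new top-level `import selinux` makes the libselinux Python bindings a hard requirement for importing this module, so `virtinst.Guest` would fail to load on hosts without them even when no security model is configured. The only use visible in this patch is the label check in `set_seclabel`, so the import could be guarded with `try: import selinux` / `except ImportError: selinux = None`. The setter would then raise a clear `ValueError` when SELinux validation is requested but the bindings are unavailable.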
@@ -40,6 +40,14 @@
     _DEFAULTS = osdict.DEFAULTS
     _OS_TYPES = osdict.OS_TYPES
 
+    SEC_MODEL_NONE = "none"
+    SEC_MODEL_SELINUX = "selinux"
+    sec_models = [SEC_MODEL_NONE, SEC_MODEL_SELINUX ]
+
+    SEC_TYPE_DYNAMIC = "dynamic"
+    SEC_TYPE_STATIC = "static"
+    sec_types = [SEC_TYPE_DYNAMIC, SEC_TYPE_STATIC ]
+
     def list_os_types():
         return osdict.sort_helper(Guest._OS_TYPES)
     list_os_types = staticmethod(list_os_types)
@@ -71,6 +79,10 @@
         self._cpuset = None
         self._graphics_dev = None
         self._consolechild = None
+        self._secmodel = None
+        self._sectype = self.SEC_TYPE_DYNAMIC
+
+        self._seclabel = None
 
         self._os_type = None
         self._os_variant = None
@@ -326,6 +338,40 @@
 
     # Properties that are mapped through to the Installer
 
+    # Security model used to secure guest image 
+    def get_secmodel(self):
+        return self._secmodel
+    def set_secmodel(self, val):
+        if val in self.sec_models:
+            self._secmodel = val
+        else:
+            raise ValueError, _("Security model must be one of: %s")  % ", ".join(self.sec_models)
+
+    secmodel = property(get_secmodel, set_secmodel)
+
+    def get_sectype(self):
+        return self._sectype
+    def set_sectype(self, val):
+        if val in self.sec_types:
+            self._sectype = val
+        else:
+            raise ValueError, _("Security type must be one of: %s")  % ", ".join(self.sec_types)
+
+    sectype = property(get_sectype, set_sectype)
+ 
+    # Security context used to secure guest process
+    def get_seclabel(self):
+        return self._seclabel
+    def set_seclabel(self, val):
+        self._seclabel = val
+        if self.get_secmodel() == self.SEC_MODEL_SELINUX:
+            try:
+                selinux.security_check_context(val)
+            except OSError:
+                raise ValueError, _("Security label %s invalid")  % val
+                
+    seclabel = property(get_seclabel, set_seclabel)
+  
     # Hypervisor name (qemu, xen, kvm, etc.)
     def get_type(self):
         return self._installer.type
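Review bot: `set_seclabel` stores `val` in `self._seclabel` before validating it, so a label rejected by `selinux.security_check_context` is still kept on the object after the `ValueError` and will be written into the XML if the caller catches the exception. Moving `self._seclabel = val` to after the `try`/`except` fixes that. The check also only runs when `secmodel` is already `selinux` at the time the label is set, so a caller who sets `seclabel` first and `secmodel` afterwards gets no validation. Re-checking an existing label in `set_secmodel`, or at XML generation time, would make the result independent of call order. A `None` value, which is the default and presumably a valid way to clear the label, would also be passed to the context check, so the condition likely wants `val is not None and ...`.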
@@ -425,6 +471,24 @@
             xml = _util.xml_append(xml, hostdev.get_xml_config())
         return xml
 
+    def _get_sectype_xml(self):
+        xml = ""
+        if self._sectype != None:
+            xml = " type='%s'" % self._sectype
+        return xml
+
+    def _get_seclabel_xml(self):
+        xml = ""
+        if self._seclabel != None:
+            xml = "\n    <label>%s</label>" % self._seclabel
+        return xml
+
+    def _get_security_xml(self):
+        xml = ""
+        if self._secmodel != None:
+            xml = "  <seclabel model='%s'%s>%s\n  </seclabel>" % ( self._secmodel, self._get_sectype_xml(), self._get_seclabel_xml())
+        return xml
+
     def _get_device_xml(self, install=True):
         xml = ""
 
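Review bot: `_get_seclabel_xml` writes `self._seclabel` into the `<label>` element without XML-escaping it, and the label is only validated when the model was already `selinux` at the time it was set. A label containing `<` or `&` would therefore yield malformed domain XML or add unintended elements to it. Escaping at this point, e.g. `xml = "\n    <label>%s</label>" % saxutils.escape(self._seclabel)` with `from xml.sax import saxutils` at the top of the file, closes that regardless of how the setters were called. Separately, the `!= None` tests in the three helpers would be more idiomatic as `is not None`. Because `_sectype` defaults to `dynamic`, a model of `none` still emits `type='dynamic'`, which may not be intended.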
@@ -513,6 +577,7 @@
   <devices>
 %(devices)s
   </devices>
+%(security)s
 </domain>
 """ % { "type": self.type,
         "name": self.name, \
@@ -523,7 +588,8 @@
         "maxramkb": self.maxmemory * 1024, \
         "devices": self._get_device_xml(install), \
         "osblob": osblob, \
-        "action": action }
+        "action": action, \
+        "security": self._get_security_xml()}
 
 
     def start_install(self, consolecb=None, meter=None, removeOld=False,