This patch allows the creation of a seclabel in the XML.
diff -r 143cad71a2a6 virtinst/Guest.py --- a/virtinst/Guest.py Mon Mar 09 23:31:51 2009 -0400 +++ b/virtinst/Guest.py Wed Mar 18 11:26:04 2009 -0400 @@ -32,7 +32,7 @@ from virtinst import _virtinst as _ import logging import signal - +import selinux class Guest(object): @@ -40,6 +40,14 @@ _DEFAULTS = osdict.DEFAULTS _OS_TYPES = osdict.OS_TYPES + SEC_MODEL_NONE = "none" + SEC_MODEL_SELINUX = "selinux" + sec_models = [SEC_MODEL_NONE, SEC_MODEL_SELINUX ] + + SEC_TYPE_DYNAMIC = "dynamic" + SEC_TYPE_STATIC = "static" + sec_types = [SEC_TYPE_DYNAMIC, SEC_TYPE_STATIC ] + def list_os_types(): return osdict.sort_helper(Guest._OS_TYPES) list_os_types = staticmethod(list_os_types) @@ -71,6 +79,10 @@ self._cpuset = None self._graphics_dev = None self._consolechild = None + self._secmodel = None + self._sectype = self.SEC_TYPE_DYNAMIC + + self._seclabel = None self._os_type = None self._os_variant = None 
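Review bot: The unconditional `import selinux` added at module top in the first hunk makes the libselinux Python bindings a hard requirement for importing virtinst/Guest.py, even for guests that never set a security model. The module is only used in `set_seclabel`, and only when the model is `selinux`. A guarded import (`try`/`except ImportError` leaving `selinux = None`), with a clear `ValueError` raised where the check is needed, would keep the module importable on hosts without the bindings.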
@@ -326,6 +338,40 @@ # Properties that are mapped through to the Installer + # Security model used to secure guest image + def get_secmodel(self): + return self._secmodel + def set_secmodel(self, val): + if val in self.sec_models: + self._secmodel = val + else: + raise ValueError, _("Security model must be one of: %s") % ", ".join(self.sec_models) + + secmodel = property(get_secmodel, set_secmodel) + + def get_sectype(self): + return self._sectype + def set_sectype(self, val): + if val in self.sec_types: + self._sectype = val + else: + raise ValueError, _("Security type must be one of: %s") % ", ".join(self.sec_types) + + sectype = property(get_sectype, set_sectype) + + # Security context used to secure guest process + def get_seclabel(self): + return self._seclabel + def set_seclabel(self, val): + self._seclabel = val + if self.get_secmodel() == self.SEC_MODEL_SELINUX: + try: + selinux.security_check_context(val) + except OSError: + raise ValueError, _("Security label %s invalid") % val + + seclabel = property(get_seclabel, set_seclabel) + # Hypervisor name (qemu, xen, kvm, etc.) def get_type(self): return self._installer.type @@ -425,6 +471,24 @@ xml = _util.xml_append(xml, hostdev.get_xml_config()) return xml + def _get_sectype_xml(self): + xml = "" + if self._sectype != None: + xml = " type='%s'" % self._sectype + return xml + + def _get_seclabel_xml(self): + xml = "" + if self._seclabel != None: + xml = "\n <label>%s</label>" % self._seclabel + return xml + + def _get_security_xml(self): + xml = "" + if self._secmodel != None: + xml = " <seclabel model='%s'%s>%s\n </seclabel>" % ( self._secmodel, self._get_sectype_xml(), self._get_seclabel_xml()) + return xml + def _get_device_xml(self, install=True): xml = "" @@ -513,6 +577,7 @@ <devices> %(devices)s </devices> +%(security)s </domain> """ % { "type": self.type, "name": self.name, \ 
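Review bot: `set_seclabel` assigns `self._seclabel = val` before the check runs, so a label rejected with `ValueError` is still stored and will later be emitted by `_get_seclabel_xml`; move the assignment below the `try`/`except`. The check is also order-dependent: it runs only if `secmodel` is already `selinux` when the label is set, so setting `seclabel` first and `secmodel` afterwards skips validation entirely. Re-validating an existing label inside `set_secmodel` would close that gap. The code presumably relies on `selinux.security_check_context` raising `OSError` for a bad context, and a `None` passed to clear the label is sent to the check as well; both are worth confirming against the binding in use.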
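Review bot: `_get_seclabel_xml` formats `self._seclabel` into `<label>%s</label>` without XML escaping, and the setter validates the value only when the model is `selinux`. With `secmodel` set to `none`, any string, including one containing `<`, `&` or a closing tag, is written into the domain XML as-is. Escape it first, e.g. `xml.sax.saxutils.escape(self._seclabel)` (this needs an import outside the hunk), or reject labels for models that cannot validate them; `secmodel` and `sectype` are limited to the fixed lists and do not need this. Separately, `_get_security_xml` emits a `<seclabel>` with `type='static'` and no `<label>` child when no label was set, which is probably not a usable definition, so raising `ValueError` there would surface the mistake earlier.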
@@ -523,7 +588,8 @@ "maxramkb": self.maxmemory * 1024, \ "devices": self._get_device_xml(install), \ "osblob": osblob, \ - "action": action } + "action": action, \ + "security": self._get_security_xml()} def start_install(self, consolecb=None, meter=None, removeOld=False,