virt-sandbox-service assumes libvirt has selinux security model...
which is not necessarily the case. If no security model is defined,
then don't check for dynamic labels.
---
bin/virt-sandbox-service | 24 +++++++++++++++++++++++-
1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 9ed37e0..789c732 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
@@ -314,10 +314,32 @@ class Container:
context = self.context()
context.undefine()
+ def get_security_model(self):
+ # XXX selinux is the default for the while, needs to be configurable someday
+ model = "selinux"
+ supported = False
+
+ # Make sure we have a connection
+ self.connect()
+
+ # Loop over the security models from the host capabilities
+ configCaps = self.conn.get_capabilities()
+ hostCaps = configCaps.get_host()
+ secmodels = hostCaps.get_secmodels()
+ for secmodel in secmodels:
+ if secmodel.get_model() == model:
+ supported = True
+ break
+
+ if not supported:
+ model = None
+ return model
+
def create(self):
self.connect()
- if self.config.get_security_dynamic() and not self.use_image:
+ if self.get_security_model() is not None and \
+ self.config.get_security_dynamic() and not self.use_image:
raise ValueError([_("Dynamic security label only supported for image based containers")])
if self.uri != "lxc:///":
self.config.set_shell(True)
--
1.8.4.5
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list