On Sat, Dec 13, 2008 at 11:24:08AM -0500, Michael DeHaan wrote:
> > ... the following patch is working. SELinux will complain,
> > but this does not prevent us from successful 'semanage' execution.
> > So you can apply it, at least we will have working/booting LV
> > images after system reboot, despite annoying selinux messages.
> >
> Thanks a lot...... I've asked this before, but if you are going to send
> in a patch either send it as an attachment or send it from
> git-format-patch/git-send-email.
> Saves a lot of time and is also easier on you...

Okay, will be doing this way ...
latest news, ... The .call(semanage) is safe itself, but it hits a problem that is very difficult to triage. There is a leak of a file descriptor to the child. Will try to find out this ...

And I think you can drop the patch with semanage inside, unless we need it asap, and I guess - we don't. :)
Anyway, I don't like it in the form it's here.

-- Anton

> > == > > > > koan/app.py | 24 +++++++++++++++++------- > > 1 files changed, 17 insertions(+), 7 deletions(-) > > > > diff --git a/koan/app.py b/koan/app.py > > index 5031bed..1eae1dd 100755 > > --- a/koan/app.py > > +++ b/koan/app.py
> > @@ -1420,13 +1420,23 @@ class Koan: > > args = "/usr/sbin/selinuxenabled" > > selinuxenabled = sub_process.call(args) > > if selinuxenabled == 0: > > - # permissive or enforcing or something else, and > > - # set appropriate security context for LVM partition > > - args = "/usr/bin/chcon -t virt_image_t %s" % > > partition_location > > - print "%s" % args > > - change_context = sub_process.call(args, shell=True) > > - if change_context != 0: > > - raise InfoException, "SELinux security context > > setting to LVM partition failed" > > + # permissive or enforcing or something else > > + context = "virt_image_t" > > + > > + # check the current context > > + args = "/bin/ls -Z %s" % partition_location > > + context_str = sub_process.Popen(args, > > stdout=sub_process.PIPE, shell=True).communicate()[0] > > + if context_str.find(context) == -1: > > + # set appropriate security context for LVM > > partition > > + args = "/usr/bin/chcon -t virt_image_t %s" % > > partition_location > > + print "%s" % args > > + change_context = sub_process.call(args, shell=True) > > + # make the context for LVM partition permanent by > > updating the policy > > + args = "/usr/sbin/semanage fcontext -a -t %s %s" % > > (context, partition_location) > > + print "%s" % args > > + permanent_context = sub_process.call(args, > > shell=True) > > + if change_context != 0 or permanent_context != 0: > > + raise InfoException, "SELinux security context > > setting to LVM partition failed" > > > > # return partition location > > return partition_location -- -Anton _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
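Review bot: the added `/bin/ls -Z`, `/usr/bin/chcon` and `/usr/sbin/semanage fcontext -a` commands all interpolate `partition_location` into a string that is run with `shell=True`, so a path containing whitespace or shell metacharacters is reinterpreted by the shell instead of being passed as one argument. Passing each command as an argument list (for example `["/usr/sbin/semanage", "fcontext", "-a", "-t", context, partition_location]`) without `shell=True` removes the quoting problem. Two smaller points in the same hunk: `context_str.find(context) == -1` is a substring match over the whole `ls -Z` output, path included, and the exit status of `ls` is never checked, so a failed `ls` is treated the same as a missing context; and the `chcon` line still hardcodes `virt_image_t` where the `semanage` line uses `context`. Since `change_context` and `permanent_context` are only assigned inside the `if context_str.find(context) == -1:` branch, the final `if change_context != 0 or permanent_context != 0:` check needs to stay inside that branch or both names need a default of 0 beforehand.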
