virt-sandbox should be launching containers based off the lxc_context
file from selinux-policy. I changed the hard coded paths to match the
latest fedora assigned labels.
Fedora 20 SELinux Policy and beyond will have proper SELinux labels in its
lxc_contexts file.
---
bin/virt-sandbox-service
selinux-policy-3.12.1-87.fc21
selinux-policy-3.12.1-87.fc20
Now have lxc_contexts files that look like
cat /etc/selinux/targeted/contexts/lxc_contexts
lxc=system_u:system_r:svirt_lxc_net_t:s0
qemu=system_u:system_r:svirt_qemu_net_t:s0
kvm=system_u:system_r:svirt_qemu_net_t:s0
virt-sandbox should be launching containers based off the lxc_context
file from selinux-policy. I changed the hard coded paths to match the
latest fedora assigned labels.
Fedora 20 SELinux Policy and beyond will have proper SELinux labels in its
lxc_contexts file.
---
bin/virt-sandbox-service
[sandbox PATCH] virt-sandbox patch to launch containers with proper
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Do not attempt to fix the unit file of Generic Containers.
---
bin/virt-sandbox-service | 36 ++--
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 03873c9..3e83c94 100755
---
This will allow us to run sandbox as the calling process, If I am
running a shell as staff_u:unconfined_r:unconfined_t:s0, and I
execute virt-sandbox -c lxc/// -- /bin/sh
/bin/sh will run as staff_u:unconfined_r:unconfined_t:s0
---
bin/virt-sandbox.c | 4
Since lots of people want to try out LXC with virt-sandbox, executing
-c lxc:/// is a pain, but users might not know about the varible or the
config file.
---
bin/virt-sandbox.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/bin/virt-sandbox.c b/bin/virt-sandbox.c
index
[sandbox PATCH 1/5] Add virt-sandbox -s inherit, to execute the
[sandbox PATCH 2/5] Unit files only exist in Systemd Containers.
[sandbox PATCH 3/5] -S is not supported by virt-sandbox
[sandbox PATCH 4/5] Fix SEE ALSO lines to be multi-line
[sandbox PATCH 5/5] virt-sandbox needs to mention
-S option has been removed from virt-sandbox, should be removed from man page.
---
bin/virt-sandbox.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/bin/virt-sandbox.c b/bin/virt-sandbox.c
index 14700d7..c21a8a6 100644
--- a/bin/virt-sandbox.c
+++ b/bin/virt-sandbox.c
@@ -269,8 +269,6 @@
---
bin/virt-sandbox-service.pod | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/bin/virt-sandbox-service.pod b/bin/virt-sandbox-service.pod
index 7752145..b879a46 100644
--- a/bin/virt-sandbox-service.pod
+++ b/bin/virt-sandbox-service.pod
@@ -54,7 +54,11 @@ supported
This will allow us to run sandbox as the calling process, If I am
running a shell as staff_u:unconfined_r:unconfined_t:s0, and I
execute virt-sandbox -c lxc/// -- /bin/sh
The second patch fixes a problem when users try to upgrade Generic Containers.
[sandbox PATCH 1/2] Add virt-sandbox -s
-s static,label=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Well running virt-sandbox -s inherit would run as unconfined_t for most users.
I the future we need to add a check to libvirt to ask SELinux if it is ok for a
user to transiton to the label, rather then just to do it.
This will allow us to run sandbox as the calling process, If I am
running a shell as staff_u:unconfined_r:unconfined_t:s0, and I
execute virt-sandbox -c lxc/// -- /bin/sh
/bin/sh will run as staff_u:unconfined_r:unconfined_t:s0
---
bin/virt-sandbox-service.pod | 6 +-
Do not attempt to fix the unit file of Generic Containers.
---
bin/virt-sandbox-service | 36 ++--
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 03873c9..3e83c94 100755
---
The command will allow administrators or the systemd service to reload units
which are running within a container. If you have one or more units defined
for a container, then just those units will get the reloads, as opposed to
stopping and restarting the container.
---
bin/virt-sandbox-service
This patch removes all __METHOD and _METHOD functions calls. Since it is not
intended that virt-sandbox-service will be imported into another python module,
there is limited value to using the internal indicators.
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service | 118
Coverity found that we could be leaking memory with virt-sandbox-service-util -e
---
bin/virt-sandbox-service-util.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/bin/virt-sandbox-service-util.c b/bin/virt-sandbox-service-util.c
index 4d164d8..a292fcd 100644
---
GlibGerror can be raised by virt-sandbox-service, this patch will catch
the exception and write the error to stderr.
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service | 4
1 file changed, 4 insertions(+)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
bash_completion scripts have added a new way to do completions, where you
place you scripts in /usr/share/bash_completion/completions rather then
/etc/bash_completions.d.
We should follow the new standard, and this patch moves our bash_completion
script to the proper location with the proper
We need to add support for interactive sandbox/containers for OpenShift.
This patch will create the correct container type based off the
/etc/libvirt-sandbox/service/*
---
bin/virt-sandbox-service-util.c | 31 +++
1 file changed, 19 insertions(+), 12 deletions(-)
Resend of patches with lots of cleanups.
This patch set adds InteractiveContainer support to virt-sandbox-service
command. This is needed if we want to support the OpenShift model of
containers.
There are also some bug fix patches in the set.
[sandbox PATCH 01/15]
virt-sandbox-service execute is not supported on qemu sandboxes.
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 8c9ea76..7b0410a 100755
This way we can share common methods between the ServiceContainer and the
InteractiveContainer (Patch to be added)
---
bin/virt-sandbox-service | 754 ---
1 file changed, 385 insertions(+), 369 deletions(-)
diff --git a/bin/virt-sandbox-service
This patch moves CONFIG_PATH external from the Container Class. This will
eliminate the need to create a container to get this constant.
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service | 13 +
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/bin
We need to prevent SYSVInit scripts from running by default in the
ServiceContainer. The so we recreate all of the directories under /etc/rc.d
and copy the functions file over.
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service | 10 +++---
1 file changed, 7 insertions
save_config uses an internal variable to indicate the path to the virt-sandbox
configuration file, this path renames this variable to prevent confusion.
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service | 12 ++--
1 file changed, 6 insertions(+), 6 deletions
First use case will be OpenShift
Differentiate on create based on whether one or more unit files specified
(ServiceContainer), or a command is specified (Interactive Container).
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service| 165
Wrap all output strings with _() to make sure we get proper translations.
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service | 48
1 file changed, 24 insertions(+), 24 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin
Current the documentation says that you use --clone while the code uses --copy
when you are createing a sandbox service container.
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service-create.pod | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/bin/virt
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 8571374..8c9ea76 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
@@ -928,7
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index ca472f5..f32fd4a 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
So I am execing a virsh list command to show all of the running containers.
---
bin/virt-sandbox-service | 17 +++--
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index b559cf5..ceb05b3 100755
---
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service-util.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/bin/virt-sandbox-service-util.c b/bin/virt-sandbox-service-util.c
index 4d164d8..430518f 100644
--- a/bin/virt-sandbox-service-util.c
+++ b
---
bin/virt-sandbox-service | 22 +++---
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index f32fd4a..9f4941b 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
@@ -453,7 +453,7 @@
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service | 48
1 file changed, 24 insertions(+), 24 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 0e38577..a064e9a 100755
--- a/bin/virt-sandbox
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service-create.pod | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/bin/virt-sandbox-service-create.pod
b/bin/virt-sandbox-service-create.pod
index 1f82e1d..3fb8ae0 100644
--- a/bin/virt-sandbox-service
---
bin/virt-sandbox-service | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index ceb05b3..1cce6a5 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
@@ -909,7 +909,7 @@ def usage(parser, msg):
def
. These
containers will
run a setup script and then a user process to actually run the application.
From Dan Walsh dwa...@redhat.com # This line is ignored.
From: Dan Walsh dwa...@redhat.com
Subject:
In-Reply-To:
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/Makefile.am | 18 +-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/bin/Makefile.am b/bin/Makefile.am
index 69af01e..4f98aa4 100644
--- a/bin/Makefile.am
+++ b/bin/Makefile.am
@@ -5,7 +5,7 @@ libexec_PROGRAMS = virt
Differentiating on which kind of container to create based off of the
--command == InteractiveContainer
--unitfile == ServiceContainer
Resorted create args to be shown aphabetically except for the --command and
--unitfile which I want to come at the end.
---
bin/virt-sandbox-service | 139
---
bin/virt-sandbox-service | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 1cce6a5..fe659e2 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
@@ -971,6 +971,9 @@ def fullpath(cmd):
return
We need to add support for interactive sandbox/containers for OpenShift.
This patch will create the correct container type based off the
/etc/libvirt-sandbox/service/*
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service-util.c | 31 +++
1 file
Python makes assumptions about __METHOD names that will break some of the other
patches that I am adding, involving inheritance of classes. The _METHODS are
treated the same as any methods, but still give maintainers an idea that they
should not be used.
Signed-off-by: Dan Walsh dwa
This way we can share common methods between the ServiceContainer and the
InteractiveContainer
---
bin/virt-sandbox-service | 823 ++-
1 file changed, 450 insertions(+), 373 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
The basic idea is to allow administrators or the systemd service to reload
units which are running within a container. If you have one or more units
defined
for a container, then just those units will get the reloads, as opposed to
stopping and restarting the container.
Signed-off-by: Dan
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service | 4
1 file changed, 4 insertions(+)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index b816933..ca472f5 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
@@ -1074,3 +1074,7
Signed-off-by: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service | 13 +
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 7f4dcc8..b816933 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
47 matches
Mail list logo