Yaniv Bronhaim has uploaded a new change for review.
Change subject: Adding back sebool-un\config verbs to keep backwards
compatibility
......................................................................
Adding back sebool-un\config verbs to keep backwards compatibility
Keeping sebool verbs in vdsm-tool to have that available for the node
hook [1]. Other than that, old spec on %postun calls to sebool-unconfig,
which should be available to avoid errors.
Change-Id: I802e795a0f2513b60dfb7c1e70614bf56b351ee5
Signed-off-by: Yaniv Bronhaim <ybron...@redhat.com>
---
A lib/vdsm/tool/seboolsetup.py
1 file changed, 77 insertions(+), 0 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/08/34508/1
diff --git a/lib/vdsm/tool/seboolsetup.py b/lib/vdsm/tool/seboolsetup.py
new file mode 100644
index 0000000..fc8f726
--- /dev/null
+++ b/lib/vdsm/tool/seboolsetup.py
@@ -0,0 +1,77 @@
+#
+# Copyright 2012 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+#
+# Refer to the README and COPYING files for full details of the license
+#
+
+from . import expose, ExtraArgsError
+
+SEBOOL_ENABLED = "on"
+SEBOOL_DISABLED = "off"
+
+VDSM_SEBOOL_LIST = [
+ "virt_use_fusefs",
+ "virt_use_nfs",
+ "virt_use_samba",
+ "virt_use_sanlock",
+ "sanlock_use_fusefs",
+ "sanlock_use_nfs",
+ "sanlock_use_samba",
+]
+
+
+def setup_booleans(status):
+ # loading seobject is slow. Deferring its loading can reduce VDSM starting
+ # time, because most utilities are and will be moved to vdsm-tool.
+ import seobject
+ sebool_obj = seobject.booleanRecords()
+ sebool_status = sebool_obj.get_all()
+
+ sebool_obj.start()
+
+ for sebool_variable in VDSM_SEBOOL_LIST:
+ if status and not all(sebool_status[sebool_variable]):
+ sebool_obj.modify(sebool_variable, SEBOOL_ENABLED)
+
+ if not status and any(sebool_status[sebool_variable]):
+ sebool_obj.modify(sebool_variable, SEBOOL_DISABLED)
+
+ sebool_obj.finish()
+
+
+@expose("sebool-config")
+def sebool_config(*args):
+ """
+ sebool-config
+ Enable the required selinux booleans
+ """
+
+ if len(args) > 1:
+ raise ExtraArgsError()
+
+ setup_booleans(True)
+
+
+@expose("sebool-unconfig")
+def sebool_unconfig(*args):
+ """
+ sebool-unconfig
+ Disable the required selinux booleans
+ """
+ if len(args) > 1:
+ raise ExtraArgsError()
+ setup_booleans(False)
--
To view, visit http://gerrit.ovirt.org/34508
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I802e795a0f2513b60dfb7c1e70614bf56b351ee5
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Yaniv Bronhaim <ybron...@redhat.com>
_______________________________________________
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
