[Fedora-livecd-list] imgcreate/creator.py

Jeremy Katz katzj at fedoraproject.org
Fri Jan 30 23:29:37 UTC 2009


 imgcreate/creator.py |   33 +++++++++++++++++++--------------
 1 file changed, 19 insertions(+), 14 deletions(-)

New commits:
commit f216bd2505d7de33028b229d57ca34735e86452d
Author: Daniel J Walsh <dwalsh at redhat.com>
Date:   Fri Jan 30 16:55:15 2009 -0500

    Support booleans
    
    These changes to livecd-tools are needed to allow a rpm that sets booleans (xguest) to install

diff --git a/imgcreate/creator.py b/imgcreate/creator.py
index 82db284..498f7e6 100644
--- a/imgcreate/creator.py
+++ b/imgcreate/creator.py
@@ -431,6 +431,13 @@ class ImageCreator(object):
                 os.symlink(src, self._instroot + dest)
         os.umask(origumask)
 
+    def __getbooleans(self):
+        booleans = []
+        for i in  selinux.security_get_boolean_names()[1]:
+            on = selinux.security_get_boolean_active(i)
+            booleans.append(("/booleans/%s" % i, "%d %d" % (on, on)))
+        return booleans
+
     def __create_selinuxfs(self):
         # if selinux exists on the host we need to lie to the chroot
         if os.path.exists("/selinux/enforce"):
@@ -438,18 +445,18 @@ class ImageCreator(object):
 
             # enforce=0 tells the chroot selinux is not enforcing
             # policyvers=999 tell the chroot to make the highest version of policy it can
-            files = (('/enforce', '0'),
-                     ('/policyvers', '999'))
-            for (file, value) in files:
+
+            files = [('/enforce', '0'),
+                     ('/policyvers', '999'),
+                     ('/commit_pending_bools', ''),
+                     ('/mls', str(selinux.is_selinux_mls_enabled()))]
+
+            for (file, value) in files + self.__getbooleans():
                 fd = os.open(selinux_dir + file, os.O_WRONLY | os.O_TRUNC | os.O_CREAT)
                 os.write(fd, value)
                 os.close(fd)
 
             # we steal mls from the host system for now, might be best to always set it to 1????
-            files = ("/mls",)
-            for file in files:
-                shutil.copyfile("/selinux" + file, selinux_dir + file)
-
             # make /load -> /dev/null so chroot policy loads don't hurt anything
             os.mknod(selinux_dir + "/load", 0666 | stat.S_IFCHR, os.makedev(1, 3))
 
@@ -466,13 +473,11 @@ class ImageCreator(object):
     def __destroy_selinuxfs(self):
         # if the system was running selinux clean up our lies
         if os.path.exists("/selinux/enforce"):
-            files = ('/enforce',
-                     '/policyvers',
-                     '/mls',
-                     '/load')
-            for file in files:
+            for root, dirs, files in os.walk(self._instroot + "/selinux"):
+                if root == self._instroot + "/selinux":
+                    continue
                 try:
-                    os.unlink(self._instroot + "/selinux" + file)
+                    os.unlink(root)
                 except OSError:
                     pass
 
@@ -502,7 +507,7 @@ class ImageCreator(object):
 
         self._mount_instroot(base_on)
 
-        for d in ("/dev/pts", "/etc", "/boot", "/var/log", "/var/cache/yum", "/sys", "/proc", "/selinux"):
+        for d in ("/dev/pts", "/etc", "/boot", "/var/log", "/var/cache/yum", "/sys", "/proc", "/selinux/booleans"):
             makedirs(self._instroot + d)
 
         cachesrc = cachedir or (self.__builddir + "/yum-cache")





More information about the Fedora-livecd-list mailing list