[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Ovirt-devel] [PATCH node-image] add ovirt semodule in Node



For now, it is only to allow qemu to access disk partitions directly,
required in order to use iSCSI storage pools with SELinux enabled.

Signed-off-by: Alan Pevec <apevec redhat com>
---
 common-post.ks |   16 +++++++++++++++-
 1 files changed, 15 insertions(+), 1 deletions(-)

diff --git a/common-post.ks b/common-post.ks
index a4f5858..d44324c 100644
--- a/common-post.ks
+++ b/common-post.ks
@@ -43,12 +43,26 @@ cat > /etc/sysconfig/iptables << \EOF
 COMMIT
 EOF
 
+# make disks available to VMs
+cat > /tmp/ovirt.te <<EOF
+module ovirt 1.0.0;
+require {
+    type fixed_disk_device_t;
+    type qemu_t;
+    class blk_file { ioctl getattr setattr read write };
+}
+allow qemu_t fixed_disk_device_t:blk_file { ioctl getattr setattr read write };
+EOF
+checkmodule -M -m -o /tmp/ovirt.mod /tmp/ovirt.te
+semodule_package -o /tmp/ovirt.pp -m /tmp/ovirt.mod
+semodule -i /tmp/ovirt.pp
+
 echo "Removing excess RPMs"
 
 RPM="rpm -v -e --nodeps"
 
 # kernel pulls in mkinitrd which pulls in isomd5sum which pulls in python,
-# and livecd-tools needs lokkit to disable SELinux.
+# and livecd-tools needs lokkit to configure SELinux.
 # However, this is just an install-time dependency; we can remove
 # it afterwards, which we do here
 $RPM -e system-config-firewall-tui system-config-network-tui rhpl \
-- 
1.5.5.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]