Re: [Ovirt-devel] [PATCH node-image] add ovirt semodule in Node



Alan Pevec <apevec redhat com> wrote:

> For now, it is only to allow qemu to access disk partitions directly,
> required in order to use iSCSI storage pools with SELinux enabled.
>
> Signed-off-by: Alan Pevec <apevec redhat com>
> ---
>  common-post.ks |   16 +++++++++++++++-
>  1 files changed, 15 insertions(+), 1 deletions(-)
>
> diff --git a/common-post.ks b/common-post.ks
> index a4f5858..d44324c 100644
> --- a/common-post.ks
> +++ b/common-post.ks
> @@ -43,12 +43,26 @@ cat > /etc/sysconfig/iptables << \EOF
>  COMMIT
>  EOF
>
> +# make disks available to VMs
> +cat > /tmp/ovirt.te <<EOF

Nice.
One suggestion: if you add single quotes or a backslash ('EOF' or \EOF),

    cat > /tmp/ovirt.te <<\EOF

then the reviewer wouldn't have to examine contents for occurrences
of "$" or `` that would be substituted.

> +module ovirt 1.0.0;
> +require {
> +    type fixed_disk_device_t;
> +    type qemu_t;
> +    class blk_file { ioctl getattr setattr read write };
> +}
> +allow qemu_t fixed_disk_device_t:blk_file { ioctl getattr setattr read write };
> +EOF
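
Review bot: the allow rule on the last policy line applies to every block device labelled fixed_disk_device_t, not only to iSCSI-backed ones, so any qemu_t process gains ioctl, getattr, setattr, read and write on all such devices on the node. Please document that scope in the "# make disks available to VMs" comment, and check whether setattr is actually required; if it is not, drop it from both the class declaration and the allow rule.
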
...
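
The check the reply describes can be automated. The following is an added example, not part of the original message or the patch: it scans a shell or kickstart file for here-documents whose delimiter is unquoted and whose body contains `$` or a backquote. The function names and the sample fragment are constructed for illustration.

```shell
# Added example: report here-documents the shell would expand, i.e. the delimiter
# is unquoted and the body has "$" or a backquote. Heuristic: "\$" is also reported.
find_expanding_heredocs() {   # hypothetical helper name
    awk -v q="'" '
    !in_doc {
        # Look for a here-document redirection (skip bash "<<<" here-strings).
        if ($0 !~ /<<</ && match($0, /<<-?[ \t]*[^ \t<]+/)) {
            word = substr($0, RSTART, RLENGTH)
            dash = (word ~ /^<<-/)
            sub(/^<<-?[ \t]*/, "", word)
            # Any quote or backslash in the delimiter word disables expansion.
            quoted = (index(word, q) || index(word, "\"") || index(word, "\\"))
            gsub(q, "", word); gsub(/"/, "", word); gsub(/\\/, "", word)
            delim = word; start = NR; hit = 0; in_doc = 1
        }
        next
    }
    {
        line = $0
        if (dash) sub(/^\t+/, "", line)   # "<<-" strips leading tabs
        if (line == delim) {              # delimiter alone ends the body
            if (!quoted && hit) print start
            in_doc = 0
        } else if (line ~ /[$`]/) {
            hit = 1
        }
    }
    ' "$1"
}

# Constructed sample %post fragment (not the contents of common-post.ks).
sample_post() {
    cat <<'SAMPLE'
cat > /etc/sysconfig/iptables << \EOF
-A INPUT -j $CHAIN
EOF
cat > /tmp/ovirt.te <<EOF
module ovirt 1.0.0;
EOF
cat > /tmp/example.conf <<EOF
images=$HOME/images
EOF
SAMPLE
}
check_sample() {   # prints the start line of each expanding here-document
    tmp=$(mktemp) || return 1
    sample_post > "$tmp"; find_expanding_heredocs "$tmp"; rm -f "$tmp"
}
check_sample
```

Only the third here-document in the sample is reported: the first has a quoted delimiter, and the second is unquoted but contains nothing the shell would substitute.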

