Ovirt devel - Nov 2008 - [PATCH ovirt-node-image] enable policy utility newrole for initscripts

---
 common-pkgs.ks      |    1 +
 ovirt-node-image.ks |    9 +++++++++
 2 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/common-pkgs.ks b/common-pkgs.ks
index 6588582..2f0ef75 100644
--- a/common-pkgs.ks
+++ b/common-pkgs.ks
@@ -4,6 +4,7 @@ kernel
 hwdata
 passwd
 policycoreutils
+policycoreutils-newrole
 rootfiles
 dhclient
 openssh-clients
diff --git a/ovirt-node-image.ks b/ovirt-node-image.ks
index c974173..96e0193 100644
--- a/ovirt-node-image.ks
+++ b/ovirt-node-image.ks
@@ -14,6 +14,15 @@ rm -f /var/lib/rpm/__db*
 
 touch /.autorelabel
 
+# enable newrole for initscripts
+augtool <<EOF
+ins 0 before /files/etc/pam.d/newrole/1
+set /files/etc/pam.d/newrole/0/type auth
+set /files/etc/pam.d/newrole/0/control sufficient
+set /files/etc/pam.d/newrole/0/module pam_rootok.so
+save
+EOF
+
 %end
 
 %post
-- 
1.5.6.5

ovirt-config-storage needs to access libvirt,
and initscripts run in initrc_t which can't access libvirtd socket
---
 scripts/ovirt-config-setup |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/scripts/ovirt-config-setup b/scripts/ovirt-config-setup
index 8408d14..0f53100 100755
--- a/scripts/ovirt-config-setup
+++ b/scripts/ovirt-config-setup
@@ -14,7 +14,9 @@ while true; do
 
         case "$OPTION" in
             "Networking") ovirt-config-networking ; break ;;
-            "Storage")    ovirt-config-storage    ; break ;;
+            "Storage")
+                newrole -t virtd_t -- -c ovirt-config-storage ;
+                break ;;
             "Logging")    ovirt-config-logging    ; break ;;
             "Password")   ovirt-config-password   ; break ;;
             "Quit")       exit 0 ;;
-- 
1.5.6.5

On Thu, Nov 20, 2008 at 10:08 PM, Darryl Pierce <dpierce at redhat.com>
wrote:
> Alan Pevec wrote:
> > On Thu, Nov 20, 2008 at 9:24 PM, Darryl Pierce <dpierce at
redhat.com
> > <mailto:dpierce at redhat.com>> wrote:
> >
> >     In running this script plus the other for node-image I'm not
able to
> get
> >     the firstboot system working.
> >
> >     During boot the firstboot script itself never runs.
> >
> > Is standalone boot entry selected?
> > cat /proc/cmdline
>
> No, it wasn't booted from the standalone grub entry. I instead let it
> boot normally and fail to detech a server suite instead.
>
> Restarting and explicitly selecting the standalone option brought up the
> firstboot menu.
>
> >     When I log in as root and run the firstboot script itself, using
both
> >     "service ovirt-firstboot start" and
"/etc/init.d/ovirt-firstboot
> start",
> >     I see no output and am dumped directly back to the command prompt.
> >
> >
> > that's how it should behave in managed i.e. non-standalone mode
>
> The node was booted without a server suite even started, so should have
> come up in standalone mode.
>
Yeah, it was defined like that in initial discussions but when implementing
I was not able to make this reliable. What if e.g. DHCP or DNS is just
temporarily unavailable? Managed vs Standalone mode must be explicit admin
decision, not at the mercy of the current network status.
Standalone boot entry will be made default on Node ISO and ovirt-flash/-pxe
scripts will get an option to change default boot parameters (patches
pending) so that admin can choose managed vs standalone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://listman.redhat.com/archives/ovirt-devel/attachments/20081120/62fdc388/attachment.htm>