similar to: [PATCH 0/2] Implement virt-builder --selinux-relabel option.

Displaying 20 results from an estimated 600 matches similar to: "[PATCH 0/2] Implement virt-builder --selinux-relabel option."

2014 Jan 28
3
[PATCH 1/2] daemon: If /selinux exists in the guest, bind-mount /sys/fs/selinux to there.
Commit 72afcf450a78b7e58f65b4a7aaf94d71cd25fca5 was partially incorrect. If the guest userspace is expecting /selinux to exist, then we should bind-mount /sys/fs/selinux from the appliance kernel there. --- daemon/command.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/daemon/command.c b/daemon/command.c index 1aa1a52..939bf87 100644 --- a/daemon/command.c
2009 Aug 12
2
[PATCH] If using SELinux, mount /selinux in the appliance
I think this patch is also uncontroversial. If selinux=1 then we mount /selinux in the appliance. We also bind-mount it into guests when running commands, just like we do for /proc, /dev etc. If SELinux is disabled, then /selinux doesn't get mounted. Rich. -- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones virt-p2v converts physical machines to virtual
2015 Dec 05
6
[PATCH 0/6 v2] [FOR COMMENTS ONLY] Rework inspection.
This is a more working version. Inspection (partially) succeeds on a real guest this time :-) You can test it out on a real guest (in this case, a CentOS disk image located at /tmp/centos-6.img) by doing: $ ./run guestfish -v -x -a /tmp/centos-6.img ><fs> run ><fs> debug sh "guestfs-inspection --verbose" which will print lots of debugging, and at the end the
2016 Jan 21
8
[PATCH v3 0/6] [FOR COMMENTS ONLY] Rework inspection.
For background on this change, see: https://rwmj.wordpress.com/2015/12/06/inspection-now-with-added-prolog/ v2 was previously posted here: https://www.redhat.com/archives/libguestfs/2015-December/msg00038.html To test this patch series on a real guest, you can do: $ ./run guestfish -v -x -a /var/tmp/centos-6.img ><fs> run ><fs> debug sh "guestfs-inspection
2013 Aug 18
3
missing chdir before chroot in guestfsd
daemon.c does just a chroot, without chdir. The result is that pwd does not work correctly (it causes fs/dcache.c:prepend_unreachable() to add the unreachable string). A workaround is to add "cd /" before each sh command. ><fs> mount /dev/sda2 / ><fs> sh "cd / ; chroot / ; /bin/pwd" / ><fs> sh "/bin/pwd" (unreachable)/ ><fs> sh
2011 Jun 09
15
[PATCH 00/13] Fix errors found using Coverity static analyzer.
I ran the Coverity static analyzer[1] on libguestfs, and fixed many errors as a result. Coverity found some errors in gnulib, but it doesn't seem to be worth following those up since the version of gnulib we are using is so old. There are a couple more errors (possibly 1 false-positive) which I'm going to send in a separate email. BTW all the errors found by Coverity were in the daemon
2016 Jan 21
0
[PATCH v3 1/6] daemon: Rename daemon/command.c -> daemon/sh.c.
Simply a file rename, no other change. --- daemon/Makefile.am | 2 +- daemon/command.c | 319 ----------------------------------------------------- daemon/sh.c | 319 +++++++++++++++++++++++++++++++++++++++++++++++++++++ po/POTFILES | 2 +- 4 files changed, 321 insertions(+), 321 deletions(-) delete mode 100644 daemon/command.c create mode 100644 daemon/sh.c diff --git
2014 Jan 28
0
Re: [PATCH 1/2] daemon: If /selinux exists in the guest, bind-mount /sys/fs/selinux to there.
On Tuesday 28 January 2014 16:21:09 Richard W.M. Jones wrote: > Commit 72afcf450a78b7e58f65b4a7aaf94d71cd25fca5 was partially > incorrect. If the guest userspace is expecting /selinux to exist, > then we should bind-mount /sys/fs/selinux from the appliance kernel > there. > --- > daemon/command.c | 16 +++++++++++++--- > 1 file changed, 13 insertions(+), 3 deletions(-) >
2014 Feb 21
2
[PATCH] builder: add an arch field to sources read from indexes
Add an architecture field for all the entries in each index, so we know which architecture they are (not used right now, but will be in the future). The problematic part here is properly marking with the correct architecture: since we only know the current index on libguestfs.org contains x86_64/amd64 images, entries coming from it are marked that way; images in all the other indexes
2013 Aug 24
46
[PATCH 00/46] Proposed patches for libguestfs 1.20.11.
Tested with 'make check-release'. tests/parallel (in check-slow) failed, although it does regularly and that seems to be because of libvirt. Rich.
2014 Mar 18
2
[PATCH] customize: Move virt-customize-related code to a separate
There's not going to be an easy way to present this patch. It's huge and interconnected. Anyway, what it does is lay the groundwork for a new tool which I'm calling 'virt-customize'. virt-customize is virt-builder, but without the part where it downloads a template from a respository. Just the part where it customizes the template, that is, installing packages, editing
2014 Jan 10
3
[PATCH 0/3] Timezone and keyboard layout settings in virt-builder and virt-sysprep.
Setting timezone is easy. It turns out to be almost impossible to set keyboard layout in virt-builder sanely, so I have added some examples instead. Coming up next, setting languages in virt-builder (clue: very very very hard). Rich.
2014 Jan 16
5
[PATCH 0/3] Add JSON output for virt-builder
Hi, This small patch serie adds a JSON output for virt-builder. This way it is possible to parse the list of available templates, with no need to parse the unstructured and possibly changing short and long outputs of virt-builder. Pino Toscano (3): builder: small refactor of the list output builder: add --list-format builder: add a JSON output for --list builder/builder.ml
2015 May 15
5
[PATCH 0/2] customize: Allow --selinux-relabel flag to work on cross-architecture builds.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1212807
2014 Mar 11
4
Re: [PATCH] builder: complete architecture handling
On Tuesday 11 March 2014 10:09:45 Richard W.M. Jones wrote: > On Mon, Mar 10, 2014 at 02:28:20PM +0100, Pino Toscano wrote: > > Add the possibility to choose which architecture use to build the > > wanted image (--arch). Since this implies that running commands on > > the guest is usually not possible when the architecture is > > different than the host one, another new
2014 May 24
9
SELinux relabel API
[ I realized that we were discussing adding this feature, in various private email, IRC, and this long bugzilla thread: https://bugzilla.redhat.com/show_bug.cgi?id=1060423 That's not how we should do things. Let's discuss it on the mailing list. ] One thing that virt-customize/virt-sysprep/virt-builder have to do is relabel SELinux guests. What we do at the moment
2016 Jul 14
10
[PATCH v2 0/7] Fix SELinux
v1 -> v2: - Add simple test of the setfiles API. - Use SELinux_relabel module in virt-v2v (instead of touch /.autorelabel). - Small fixes. Rich.
2016 Jul 13
6
[PATCH 0/5] Fix SELinux
We can use the setfiles(8) command to relabel the guest filesystem, even though we don't have a policy loaded nor SELinux enabled in the appliance kernel. This also deprecates or removes the old and broken SELinux support. This patch isn't quite complete - I would like to add some tests to the new API. I'm posting here to garner early feedback. Rich.
2015 Nov 19
5
[PATCH] daemon: always provide stdin when running chroot commands (RHBZ#1280029)
When running commands in the mounted guest (using the "command" API, and APIs based on it), provide the /dev/null from the appliance as open fd for stdin. Commands usually assume stdin is open if they didn't close it explicitly, so this should avoid crashes or misbehavings due to that. --- daemon/command.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-)
2015 Dec 02
3
[PATCH] daemon: improve internal commandrvf
- add a flag to request chroot for the process, which is done only as very last (before chdir) operation before exec'ing the process in the child: this avoids using CHROOT_IN & CHROOT_OUT around command* invocations, and reduces the code spent in chroot mode - add failure checks for dup2 and open done in child, not proceeding to executing the process if they fail - open /dev/null