Displaying 20 results from an estimated 9000 matches similar to: "[PATCH v2 0/7] Fix SELinux"
2016 Jul 13
6
[PATCH 0/5] Fix SELinux
We can use the setfiles(8) command to relabel the guest filesystem,
even though we don't have a policy loaded nor SELinux enabled in the
appliance kernel.
This also deprecates or removes the old and broken SELinux support.
This patch isn't quite complete - I would like to add some tests to
the new API. I'm posting here to garner early feedback.
Rich.
2016 Jul 14
2
[PATCH 0/2] Build mllib and customize into libraries.
Simplifies the build a bit.
This is on top of the previous SELinux relabelling patch set, although
not related to it.
Rich.
2014 May 24
9
SELinux relabel API
[
I realized that we were discussing adding this feature, in various
private email, IRC, and this long bugzilla thread:
https://bugzilla.redhat.com/show_bug.cgi?id=1060423
That's not how we should do things. Let's discuss it on the
mailing list.
]
One thing that virt-customize/virt-sysprep/virt-builder have to do is
relabel SELinux guests.
What we do at the moment
2014 Mar 18
2
[PATCH] customize: Move virt-customize-related code to a separate
There's not going to be an easy way to present this patch. It's huge
and interconnected.
Anyway, what it does is lay the groundwork for a new tool which I'm
calling 'virt-customize'. virt-customize is virt-builder, but without
the part where it downloads a template from a respository. Just the
part where it customizes the template, that is, installing packages,
editing
2014 May 26
2
[PATCH 2/2] Use setfiles from the appliance for the SELinux relabel (RHBZ#1089100).
Rewrite the relabel API to read the policy configured in the guest,
invoking setfiles (added as part of the appliance, as part of
policycoreutils) to relabel the specified root. In case of failure at
any point of the process, a touch of .autorelabel in the root is tried
as last-attempt measure to do the relabel.
Considering that running SELinux tools in the appliance might be
affected by the
2020 Sep 23
6
[common PATCH 0/3] SELinux_relabel: relabel only if enforcing (RHBZ#1828952)
Continuation/rework of:
https://www.redhat.com/archives/libguestfs/2020-May/msg00020.html
This is my approach, as I explained here:
https://bugzilla.redhat.com/show_bug.cgi?id=1828952#c4
https://www.redhat.com/archives/libguestfs/2020-May/msg00035.html
IOW: do not attempt to relabel if the guest is not enforcing, as it is
either useless or may fail; few words more are in the comments of patch
#3.
2015 Oct 29
7
[PATCH 0/7] v2v: Miscellaneous refactorings.
Just refactoring.
Rich.
2020 May 05
3
[PATCH libguestfs-common 1/2] mlcustomize: Refactor SELinux_relabel code.
This shouldn't change the effect of this code.
---
mlcustomize/SELinux_relabel.ml | 121 ++++++++++++++++++---------------
1 file changed, 65 insertions(+), 56 deletions(-)
diff --git a/mlcustomize/SELinux_relabel.ml b/mlcustomize/SELinux_relabel.ml
index 44995df..5df1f08 100644
--- a/mlcustomize/SELinux_relabel.ml
+++ b/mlcustomize/SELinux_relabel.ml
@@ -28,65 +28,74 @@ module G = Guestfs
2017 Mar 20
2
[PATCH] daemon: selinux: Add setfiles -vv flags when verbose.
This shows which files are being relabelled. Also only use -q
(suppress non-error output) when we are not verbose.
---
daemon/selinux-relabel.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
index 2f48ee6..e7da42d 100644
--- a/daemon/selinux-relabel.c
+++ b/daemon/selinux-relabel.c
@@ -112,8 +112,11 @@
2017 Sep 26
5
[PATCH 0/5] Miscellaneous refactoring of common/utils, create common/mltools
Miscellaneous refactoring, but the main one is to rename mllib/
as common/mltools/
Rich.
2017 Jun 09
12
[PATCH 00/12] Refactor utility functions.
This turned out to be rather more involved than I thought.
We have lots of utility functions, spread all over the repository,
with not a lot of structure. This moves many of them under common/
and structures them so there are clear dependencies.
This doesn't complete the job by any means. Other items I had on my
to-do list for this change were:
- Split up mllib/common_utils into:
-
2015 May 11
3
[PATCH 1/2] mllib: Require OUnit2 for tests.
OUnit2 has an OUnit (v1) compatibility module. Unfortunately it
is rather gravely broken:
https://forge.ocamlcore.org/tracker/?func=detail&aid=1392&group_id=162&atid=730
Since there is no new release fixing this, it's easier to switch to
using OUnit2 for unit tests.
---
.gitignore | 2 +-
README | 2 +-
mllib/JSON_tests.ml | 56
2015 Jul 17
4
[PATCH v2 0/2] basic subscription-manager support in virt-customize
Hi,
this is the v2 of a series introducing basic support for
registering/attaching/unregistering RHEL guests using
subscription-manager, so it is possible to do for example:
$ virt-customize -a rhel-guest.qcow2 \
--sm-credentials user:file:/path/to/password-file --sm-register \
--sm-attach file:/path/to/pool-file \
--install pkg1 --install pkg2 .. \
--sm-remove --sm-unregister
2017 Jun 19
16
[PATCH v7 00/13] Refactor utilities
This is just the utilities part of the patch series from:
https://www.redhat.com/archives/libguestfs/2017-June/msg00103.html
I believe this addresses everything raised in comments on that
patch series.
Rich.
2020 Sep 24
3
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
On Wed, Sep 23, 2020 at 05:57:50PM +0200, Pino Toscano wrote:
> Do not attempt to relabel a guest in case its SELinux enforcing mode is
> not "enforcing", as it is either pointless, or it may fail because of an
> invalid policy configured.
> ---
> mlcustomize/SELinux_relabel.ml | 26 +++++++++++++++++++++++++-
> 1 file changed, 25 insertions(+), 1 deletion(-)
>
2017 Jun 12
32
[PATCH v5 00/32] Refactor utilities, implement some APIs in OCaml.
This is a combination of:
https://www.redhat.com/archives/libguestfs/2017-June/msg00046.html
[PATCH 00/12] Refactor utility functions.
plus:
https://www.redhat.com/archives/libguestfs/2017-June/msg00023.html
[PATCH v3 00/19] Allow APIs to be implemented in OCaml.
with the second patches rebased on top of the utility refactoring, and
some other adjustments and extensions.
This passes
2016 Jun 02
3
[PATCH 0/3] builder: Warn if --output is a host partition.
Rather complex patch to solve a small user error. Warn if the
user is doing something like: virt-builder -o /dev/sdX1
Rich.
2016 Jun 15
3
[PATCH 2/3] Convert source so it can be compiled with OCaml '-safe-string' option.
OCaml 4.02 introduced the 'bytes' type, a mutable string intended to
replace the existing 'string' type for those cases where the byte
array can be mutated. In future the 'string' type will become
immutable. This is not the default now, but it can be forced using
the '-safe-string' compile option.
I tested this on Fedora 24 (OCaml 4.02) & RHEL 7 (OCaml 4.01).
2014 Nov 25
3
[PATCH] mllib: use Unix.isatty
Make use of Unix.isatty instead of our TTY.isatty_stdout, as the
supported OCaml provides the former already.
---
mllib/common_utils.ml | 10 +++++-----
mllib/progress.ml | 2 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/mllib/common_utils.ml b/mllib/common_utils.ml
index 295981c..9fcd8dd 100644
--- a/mllib/common_utils.ml
+++ b/mllib/common_utils.ml
@@ -207,15 +207,15
2016 Jun 24
2
[PATCH] RFC: OCaml tools: add and use a Getopt module
Add a new Getopt module to mllib, to parse command line arguments with
handlers close to the ones used with Arg, but using getopt(3) (actually
getopt_long_only) to do the real parsing. This allow us to provide
options for OCaml tools with a syntax similar to the C tools, and use
the additional features getopt offers and Arg does not.
Do a single-step conversion of Common_utils and all the OCaml