Hello community, here is the log from the commit of package virt-sandbox for openSUSE:Factory checked in at 2014-06-25 21:20:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/virt-sandbox (Old) and /work/SRC/openSUSE:Factory/.virt-sandbox.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "virt-sandbox" Changes: -------- --- /work/SRC/openSUSE:Factory/virt-sandbox/virt-sandbox.changes 2014-06-06 14:36:36.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.virt-sandbox.new/virt-sandbox.changes 2014-06-25 21:20:43.000000000 +0200 @@ -1,0 +2,9 @@ +Wed Jun 25 13:17:30 UTC 2014 - [email protected] + +- Renamed lib-prefix-fix.patch into 87a9b5cc-lib-prefix-fix.patch as + the patch has been integrated upstream. +- Removed selinux-only-if-supported.patch and created + 945e8e71-selinux-only-if-supported.patch with the version of the + patch that was integrated upstream. + +------------------------------------------------------------------- Old: ---- lib-prefix-fix.patch selinux-only-if-supported.patch New: ---- 87a9b5cc-lib-prefix-fix.patch 945e8e71-selinux-only-if-supported.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ virt-sandbox.spec ++++++ --- /var/tmp/diff_new_pack.lMjyq7/_old 2014-06-25 21:20:44.000000000 +0200 +++ /var/tmp/diff_new_pack.lMjyq7/_new 2014-06-25 21:20:44.000000000 +0200 @@ -27,10 +27,11 @@ License: LGPL-2.0+ Group: System/Management Source0: ftp://libvirt.org/libvirt/sandbox/libvirt-sandbox-%{version}.tar.gz +Source1: %{name}.rpmlintrc # Pending upstream -Patch0: lib-prefix-fix.patch -Patch1: selinux-only-if-supported.patch +Patch0: 87a9b5cc-lib-prefix-fix.patch +Patch1: 945e8e71-selinux-only-if-supported.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: glib2-devel >= 2.32.0 ++++++ 87a9b5cc-lib-prefix-fix.patch ++++++ >From 2b6684d938bbfe7efafd0c3e2595cc30619b1f0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <[email protected]> Date: Tue, 13 May 2014 09:51:58 +0200 Subject: [PATCH] virt-sandbox-service: fixed /lib/ into /usr/lib for searching unit files --- bin/virt-sandbox-service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service index 2dcbfb8..9ed37e0 100755 --- a/bin/virt-sandbox-service +++ b/bin/virt-sandbox-service @@ -1071,7 +1071,7 @@ class CheckUnit(argparse.Action): src = "/etc/systemd/system/" + unit if os.path.exists(src): return src - src = "/lib/systemd/system/" + unit + src = "/usr/lib/systemd/system/" + unit if os.path.exists(src): return src return None -- 1.8.4.5 ++++++ 945e8e71-selinux-only-if-supported.patch ++++++ >From 945e8e71436d457d2e94750fbf151e48b1d2ec63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <[email protected]> Date: Tue, 17 Jun 2014 16:01:53 +0200 Subject: [PATCH] Only set SELinux seclabel if supported by the host. This code depends on new API in libvirt-gconfig to extract the secmodels handled by the host. --- libvirt-sandbox/libvirt-sandbox-builder.c | 50 +++++++++++++++++++++++++++---- 1 file changed, 44 insertions(+), 6 deletions(-) diff --git a/libvirt-sandbox/libvirt-sandbox-builder.c b/libvirt-sandbox/libvirt-sandbox-builder.c index 48b3acc..48fc9bc 100644 --- a/libvirt-sandbox/libvirt-sandbox-builder.c +++ b/libvirt-sandbox/libvirt-sandbox-builder.c @@ -322,12 +322,10 @@ static gboolean gvir_sandbox_builder_construct_devices(GVirSandboxBuilder *build return TRUE; } - -static gboolean gvir_sandbox_builder_construct_security(GVirSandboxBuilder *builder G_GNUC_UNUSED, - GVirSandboxConfig *config G_GNUC_UNUSED, - const gchar *statedir G_GNUC_UNUSED, - GVirConfigDomain *domain, - GError **error G_GNUC_UNUSED) +static gboolean gvir_sandbox_builder_construct_security_selinux (GVirSandboxBuilder *builder, + GVirSandboxConfig *config, + GVirConfigDomain *domain, + GError **error) { GVirConfigDomainSeclabel *sec = gvir_config_domain_seclabel_new(); const char *label = gvir_sandbox_config_get_security_label(config); @@ -360,6 +358,46 @@ static gboolean gvir_sandbox_builder_construct_security(GVirSandboxBuilder *buil return TRUE; } +static gboolean gvir_sandbox_builder_construct_security(GVirSandboxBuilder *builder, + GVirSandboxConfig *config, + const gchar *statedir G_GNUC_UNUSED, + GVirConfigDomain *domain, + GError **error) +{ + GVirConnection *connection = gvir_sandbox_builder_get_connection(builder); + GVirConfigCapabilities *configCapabilities; + GVirConfigCapabilitiesHost *hostCapabilities; + GList *secmodels, *iter; + gboolean supportsSelinux = FALSE; + + /* What security models are available on the host? */ + if (!(configCapabilities = gvir_connection_get_capabilities(connection, error))) { + g_object_unref(connection); + return FALSE; + } + + hostCapabilities = gvir_config_capabilities_get_host(configCapabilities); + + secmodels = gvir_config_capabilities_host_get_secmodels(hostCapabilities); + for (iter = secmodels; iter != NULL; iter = iter->next) { + if (g_str_equal(gvir_config_capabilities_host_secmodel_get_model( + GVIR_CONFIG_CAPABILITIES_HOST_SECMODEL(iter->data)), "selinux")) + supportsSelinux = TRUE; + g_object_unref(iter->data); + } + + g_list_free(secmodels); + g_object_unref(hostCapabilities); + g_object_unref(configCapabilities); + g_object_unref(connection); + + if (supportsSelinux) + return gvir_sandbox_builder_construct_security_selinux(builder, config, + domain, error); + + return TRUE; +} + static gboolean gvir_sandbox_builder_clean_post_start_default(GVirSandboxBuilder *builder G_GNUC_UNUSED, GVirSandboxConfig *config G_GNUC_UNUSED, -- 1.8.4.5 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
