Hello community, here is the log from the commit of package virt-sandbox for openSUSE:Factory checked in at 2014-07-11 06:45:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/virt-sandbox (Old) and /work/SRC/openSUSE:Factory/.virt-sandbox.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "virt-sandbox" Changes: --------
--- /work/SRC/openSUSE:Factory/virt-sandbox/virt-sandbox.changes 2014-06-25 21:20:43.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.virt-sandbox.new/virt-sandbox.changes 2014-07-11 06:45:57.000000000 +0200
@@ -1,0 +2,11 @@
+Mon Jul 7 13:30:07 UTC 2014 - [email protected]
+
+- bnc#885464: make virt-sandbox-service not check for dynamic security
+ label if libvirt doesn't support selinux.
+- Fixed a few paths problems in virt-sandbox-service
+
+- added patches:
+ * service-check-secmodel.patch
+ * service-suse-paths.patch
+
+-------------------------------------------------------------------
New: ---- service-check-secmodel.patch service-suse-paths.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ virt-sandbox.spec ++++++
--- /var/tmp/diff_new_pack.qkrZ7I/_old 2014-07-11 06:45:58.000000000 +0200
+++ /var/tmp/diff_new_pack.qkrZ7I/_new 2014-07-11 06:45:58.000000000 +0200
@@ -29,9 +29,12 @@
 Source0: ftp://libvirt.org/libvirt/sandbox/libvirt-sandbox-%{version}.tar.gz
 Source1: %{name}.rpmlintrc
-# Pending upstream
+# Upstream patches
 Patch0: 87a9b5cc-lib-prefix-fix.patch
 Patch1: 945e8e71-selinux-only-if-supported.patch
+# Patches pending upstream review
+Patch100: service-check-secmodel.patch
+Patch101: service-suse-paths.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: glib2-devel >= 2.32.0
@@ -87,6 +90,8 @@
 %setup -q -n libvirt-sandbox-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch100 -p1
+%patch101 -p1
 %build
++++++ service-check-secmodel.patch ++++++
>From baf47f5b85628b6245d0514c93b451bfac726537 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <[email protected]> Date: Mon, 7 Jul 2014 13:56:31 +0200 Subject: [PATCH] virt-sandbox-service: check for security label only if they can be handled virt-sandbox-service assumes libvirt has selinux security model... which is not necessarily the case. If no security model is defined, then don't check for dynamic labels.
---
 bin/virt-sandbox-service | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 9ed37e0..789c732 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
@@ -314,10 +314,32 @@ class Container:
 context = self.context()
 context.undefine()
+ def get_security_model(self):
+ # XXX selinux is the default for the while, needs to be configurable someday
+ model = "selinux"
+ supported = False
+
+ # Make sure we have a connection
+ self.connect()
+
+ # Loop over the security models from the host capabilities
+ configCaps = self.conn.get_capabilities()
+ hostCaps = configCaps.get_host()
+ secmodels = hostCaps.get_secmodels()
+ for secmodel in secmodels:
+ if secmodel.get_model() == model:
+ supported = True
+ break
+
+ if not supported:
+ model = None
+ return model
+
 def create(self):
 self.connect()
- if self.config.get_security_dynamic() and not self.use_image:
+ if self.get_security_model() is not None and \
+ self.config.get_security_dynamic() and not self.use_image:
 raise ValueError([_("Dynamic security label only supported for image based containers")])
 if self.uri != "lxc:///":
 self.config.set_shell(True)
--
1.8.4.5
++++++ service-suse-paths.patch ++++++
>From a54e094bc5c4dc38d87d707184f1b712a4595d71 Mon Sep 17 00:00:00 2001
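Review bot: `get_security_model()` returns `None` whenever the host capabilities do not list `selinux`, which is broader than the "no security model is defined" case the commit message describes, so on a host whose libvirt reports some other model the dynamic-label guard in `create()` is skipped without any trace. If that is the intent, state it at the top of the method, e.g. `# Returns None when the host does not report the selinux model; any other model is treated as unsupported`, and consider logging when the guard is bypassed so a requested dynamic label that will not be enforced is visible to the operator. The search loop can also be written as `supported = any(s.get_model() == model for s in secmodels)`. The body of `create()` continues past the end of the hunk.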
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <[email protected]> Date: Mon, 7 Jul 2014 14:55:12 +0200 Subject: [PATCH] virt-sandbox-service: fix some paths for SUSE Don't fail is /etc/rc.d/init.d/functions doesn't exist: this is deprecated in LSB and /lib/lsb/init-functions should be used instead. Similarily, SUSE distros have /etc/skel/.profile instead of /etc/skel/.bash_profile. Added one more file to check and be more lennient with missing ones
---
 bin/virt-sandbox-service | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 789c732..5a3f6ab 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
@@ -414,7 +414,7 @@ def is_template_unit(unit):
 class SystemdContainer(Container):
 IGNORE_DIRS = [ "/var/run/", "/etc/logrotate.d/", "/etc/pam.d" ]
 DEFAULT_DIRS = [ "/etc", "/var" ]
- PROFILE_FILES = [ ".bashrc", ".bash_profile" ]
+ PROFILE_FILES = [ ".bashrc", ".bash_profile", ".profile" ]
 MACHINE_ID = "/etc/machine-id"
 HOSTNAME = "/etc/hostname"
 SYSVINIT_PATH = "/etc/rc.d"
@@ -422,7 +422,7 @@ class SystemdContainer(Container):
 MULTI_USER_WANTS_PATH = "/usr/lib/systemd/system/multi-user.target.wants"
 SYSINIT_WANTS_PATH = "/usr/lib/systemd/system/sysinit.target.wants"
 SOCKET_WANTS_PATH = "/usr/lib/systemd/system/sockets.target.wants"
- MAKE_SYSTEM_DIRS = [ "/var/lib/dhclient", "/var/lib/dbus", "/var/log", "/var/spool", "/var/cache", "/var/tmp", "/var/lib/nfs/rpc_pipefs", SYSVINIT_PATH ]
+ MAKE_SYSTEM_DIRS = [ "/var/lib/dhclient", "/var/lib/dbus", "/var/log", "/var/spool", "/var/cache", "/var/tmp", "/var/lib/nfs/rpc_pipefs", SYSVINIT_PATH, "/lib/lsb" ]
 BIND_SYSTEM_DIRS = [ "/var", "/home", "/root", "/etc/systemd/system", "/etc/rc.d", "/usr/lib/systemd/system/basic.target.wants", "/usr/lib/systemd/system/local-fs.target.wants", ANACONDA_WANTS_PATH, MULTI_USER_WANTS_PATH, SYSINIT_WANTS_PATH, SOCKET_WANTS_PATH ]
 BIND_SYSTEM_FILES = [ MACHINE_ID, "/etc/fstab", HOSTNAME ]
 LOCAL_LINK_FILES = { SYSINIT_WANTS_PATH : [ "systemd-tmpfiles-setup.service" ] , SOCKET_WANTS_PATH : [ "dbus.socket", "systemd-journald.socket", "systemd-shutdownd.socket", "systemd-initctl.socket" ] }
@@ -722,8 +722,15 @@ PrivateNetwork=false
 destpath = self.dest + self.SYSVINIT_PATH
 for i in range(7):
 os.mkdir(destpath+("/rc%s.d" % i))
- os.mkdir(destpath+"/init.d")
- shutil.copy(self.SYSVINIT_PATH + "/init.d/functions" , destpath + "/init.d")
+
+ # Copy both /etc/rc.d/init.d/functions and /lib/lsb/init-functions, even
+ # though the latter is the one recommended
+ if os.path.exists(self.SYSVINIT_PATH + "/init.d/functions"):
+ os.mkdir(destpath+"/init.d")
+ shutil.copy(self.SYSVINIT_PATH + "/init.d/functions" , destpath + "/init.d")
+
+ if os.path.exists("/lib/lsb/init-functions"):
+ shutil.copy("/lib/lsb/init-functions" , self.dest + "/lib/lsb/")
 self.gen_machine_id()
 self.gen_hostname()
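Review bot: In the `@@ -722,8 +722,15 @@` hunk, `os.mkdir(destpath+"/init.d")` has moved inside the `os.path.exists(...)` test, so on a host without `/etc/rc.d/init.d/functions` the container gets its `rc%s.d` directories but no `init.d`. If anything later in the setup expects that directory, keep `os.mkdir(destpath+"/init.d")` unconditional and guard only the `shutil.copy(...)` call. The second copy relies on `self.dest + "/lib/lsb/"` already existing, which presumably comes from the `"/lib/lsb"` entry added to `MAKE_SYSTEM_DIRS` in the previous hunk; a comment such as `# /lib/lsb is created via MAKE_SYSTEM_DIRS` would record that dependency. The `@@ -759,7 +766,8 @@` hunk likewise skips a missing profile file without any message, and a debug-level log line in both places would make an incomplete container easier to diagnose. The enclosing method starts and ends outside the hunk.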
@@ -759,7 +766,8 @@ PrivateNetwork=false
 for p in self.PROFILE_FILES:
 profile = "/etc/skel/" + p
- shutil.copy(profile, self.dest + "/root/")
+ if os.path.exists(profile):
+ shutil.copy(profile, self.dest + "/root/")
 self.fix_protection()
--
1.8.4.5
-- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
