This patch allows the creating of seclabel in the XML.
diff -r 143cad71a2a6 virtinst/Guest.py
--- a/virtinst/Guest.py Mon Mar 09 23:31:51 2009 -0400
+++ b/virtinst/Guest.py Wed Mar 18 11:26:04 2009 -0400
@@ -32,7 +32,7 @@
from virtinst import _virtinst as _
import logging
import signal
-
+import selinux
class Guest(object):
@@ -40,6 +40,14 @@
_DEFAULTS = osdict.DEFAULTS
_OS_TYPES = osdict.OS_TYPES
+ SEC_MODEL_NONE = "none"
+ SEC_MODEL_SELINUX = "selinux"
+ sec_models = [SEC_MODEL_NONE, SEC_MODEL_SELINUX ]
+
+ SEC_TYPE_DYNAMIC = "dynamic"
+ SEC_TYPE_STATIC = "static"
+ sec_types = [SEC_TYPE_DYNAMIC, SEC_TYPE_STATIC ]
+
def list_os_types():
return osdict.sort_helper(Guest._OS_TYPES)
list_os_types = staticmethod(list_os_types)
@@ -71,6 +79,10 @@
self._cpuset = None
self._graphics_dev = None
self._consolechild = None
+ self._secmodel = None
+ self._sectype = self.SEC_TYPE_DYNAMIC
+
+ self._seclabel = None
self._os_type = None
self._os_variant = None
@@ -326,6 +338,40 @@
# Properties that are mapped through to the Installer
+ # Security model used to secure guest image
+ def get_secmodel(self):
+ return self._secmodel
+ def set_secmodel(self, val):
+ if val in self.sec_models:
+ self._secmodel = val
+ else:
+ raise ValueError, _("Security model must be one of: %s") % ",
".join(self.sec_models)
+
+ secmodel = property(get_secmodel, set_secmodel)
+
+ def get_sectype(self):
+ return self._sectype
+ def set_sectype(self, val):
+ if val in self.sec_types:
+ self._sectype = val
+ else:
+ raise ValueError, _("Security type must be one of: %s") % ",
".join(self.sec_types)
+
+ sectype = property(get_sectype, set_sectype)
+
+ # Security context used to secure guest process
+ def get_seclabel(self):
+ return self._seclabel
+ def set_seclabel(self, val):
+ self._seclabel = val
+ if self.get_secmodel() == self.SEC_MODEL_SELINUX:
+ try:
+ selinux.security_check_context(val)
+ except OSError:
+ raise ValueError, _("Security label %s invalid") % val
+
+ seclabel = property(get_seclabel, set_seclabel)
+
# Hypervisor name (qemu, xen, kvm, etc.)
def get_type(self):
return self._installer.type
@@ -425,6 +471,24 @@
xml = _util.xml_append(xml, hostdev.get_xml_config())
return xml
+ def _get_sectype_xml(self):
+ xml = ""
+ if self._sectype != None:
+ xml = " type='%s'" % self._sectype
+ return xml
+
+ def _get_seclabel_xml(self):
+ xml = ""
+ if self._seclabel != None:
+ xml = "\n <label>%s</label>" % self._seclabel
+ return xml
+
+ def _get_security_xml(self):
+ xml = ""
+ if self._secmodel != None:
+ xml = " <seclabel model='%s'%s>%s\n </seclabel>" % (
self._secmodel, self._get_sectype_xml(), self._get_seclabel_xml())
+ return xml
+
def _get_device_xml(self, install=True):
xml = ""
@@ -513,6 +577,7 @@
<devices>
%(devices)s
</devices>
+%(security)s
</domain>
""" % { "type": self.type,
"name": self.name, \
@@ -523,7 +588,8 @@
"maxramkb": self.maxmemory * 1024, \
"devices": self._get_device_xml(install), \
"osblob": osblob, \
- "action": action }
+ "action": action, \
+ "security": self._get_security_xml()}
def start_install(self, consolecb=None, meter=None, removeOld=False,
_______________________________________________
et-mgmt-tools mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
