[PATCH 1/2] Add virGetUserDirectoryByUID to retrieve users homedir
[PATCH 2/2] virt-login-shell joins users into lxc container.
This patch implements most of the changes suggested by Dan Berrange and
Eric Blake.
Some replies to suggested changes.
Removed mingw-libvirt.spec.in changes since
From: Dan Walsh dwa...@redhat.com
This function is needed for virt-login-shell. Also modify virGetUserDirectory
to use the new function, to simplify the code.
---
src/libvirt_private.syms | 1 +
src/util/virutil.c | 9 +++--
src/util/virutil.h | 1 +
3 files changed, 9
.
+Alternatively report bugs to your software distributor / vendor.
+
+=head1 AUTHORS
+
+ Please refer to the AUTHORS file distributed with libvirt.
+
+ Daniel Walsh dwalsh at redhat dot com
+
+=head1 COPYRIGHT
+
+Copyright (C) 2013 Red Hat, Inc., and the authors listed in the
+libvirt AUTHORS file
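Review bot: In the =head1 AUTHORS section, the lines "Please refer to the AUTHORS file distributed with libvirt." and "Daniel Walsh dwalsh at redhat dot com" begin with whitespace, which POD treats as verbatim paragraphs, so both will render as preformatted text in the man page. If ordinary prose is intended, drop the leading space. The section also both defers to the AUTHORS file and names one author inline; pick one so the two cannot drift apart.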
All comments applied except for comments below. Also additional cleanup of
error handling.
You'll need to call virGetUserDirectory() before any fork(), since it
calls code which is not async-signal safe.
The reason I did this is I needed to call it after the shell setuid, if I
call it
://libvirt.org/contact.html or bug tracker
Chttp://libvirt.org/bugs.html.
+Alternatively report bugs to your software distributor / vendor.
+
+=head1 AUTHORS
+
+ Please refer to the AUTHORS file distributed with libvirt.
+
+ Daniel Walsh dwalsh at redhat dot com
+
+=head1 COPYRIGHT
+
+Copyright
dwalsh at redhat dot com
+
+=head1 COPYRIGHT
+
+Copyright (C) 2013 Red Hat, Inc., and the authors listed in the
+libvirt AUTHORS file.
+
+=head1 LICENSE
+
+virt-login-shell is distributed under the terms of the GNU LGPL v2+.
+This is free software; see the source for copying conditions
[PATCH] virt-login-shell joins users into lxc container.
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
tracker
Chttp://libvirt.org/bugs.html.
+Alternatively report bugs to your software distributor / vendor.
+
+=head1 AUTHORS
+
+ Please refer to the AUTHORS file distributed with libvirt.
+
+ Daniel Walsh dwalsh at redhat dot com
+
+=head1 COPYRIGHT
+
+Copyright (C) 2013 Red Hat, Inc
I believe I have gotten all of Dan B's comments implemented, with a couple of
changes.
1. I no longer allow root to execute the command.
2. Rather than allow the globbing syntax for allowed_users in the config, I
added the ability to specify groups.
[PATCH] virt-login-shell joins users into lxc
It also adds the ability to pass a privileged field into the Security Manager so
that writing to /run/setrans is only attempted on privileged machines
[PATCH] libvirt writes an mcs translation file to /run/setrans
From: Dan Walsh dwa...@redhat.com
mcstransd is a translation tool that can translate MCS Labels into human
understandable code. I have patched it to watch for translation files in the
/run/setrans directory. This allows us to run commands like ps -eZ and see
system_u:system_r:svirt_t:Fedora18
From: Dan Walsh dwa...@redhat.com
We do not want to allow contained applications to be able to read fusefs_t.
So we want /proc/meminfo label to match the system default proc_t.
---
src/lxc/lxc_container.c | 24
1 file changed, 24 insertions(+)
diff --git
I thought I sent this patch before, but I can not find a record of it, and
do not see it in upstream.
[PATCH] Change label of fusefs mounted at /proc/meminfo in lxc
[PATCH 1/1] libvirt patch to write a mcs translation file to
From: Dan Walsh dwa...@redhat.com
mcstransd is a translation tool that can translate MCS Labels into human
understandable code. I have patched it to watch for translation files in the
/run/setrans directory. This allows us to run commands like ps -eZ and see
system_u:system_r:svirt_t:Fedora18
[PATCH] Change label of fusefs mounted at /proc/meminfo in lxc
From: Dan Walsh dwa...@redhat.com
We do not want to allow contained applications to be able to read fusefs_t.
So we want /proc/meminfo label to match the system default proc_t.
Fix checking of error codes
---
src/lxc/lxc_container.c | 24
1 file changed, 24
[PATCH 2/2] libvirt patch to write a mcs translation file to
From: Dan Walsh dwa...@redhat.com
mcstransd is a translation tool that can translate MCS Labels into human
understandable code. I have patched it to watch for translation files in the
/run/setrans directory. This allows us to run commands like ps -eZ and see
system_u:system_r:svirt_t:Fedora18
We want to allow an admin to specify additional mount points at the command
line.
[sandbox PATCH 1/1] Add support for adding mountpoints via the
From: Dan Walsh dwa...@redhat.com
Add similar support to virt-sandbox-service that is in virt-sandbox
to add guest-bind, host-bind and host-image mount points on the command
line. Openshift wants to use this feature.
---
bin/virt-sandbox-service| 62
From: Dan Walsh dwa...@redhat.com
---
bin/virt-sandbox-service | 3 +++
1 file changed, 3 insertions(+)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 942f788..d7f43a5 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
@@ -333,6 +333,9 @@ class
The patch will add proper handling of duplicate Generic Sandbox.
It will also add support for adding mount points via virt-sandbox-service
using the same syntax as virt-sandbox.
[sandbox PATCH 1/2] Verify that a created Generic Sandbox does not
[sandbox PATCH 2/2] Add support for
From: Dan Walsh dwa...@redhat.com
Add similar support to virt-sandbox-service that is in virt-sandbox
to add guest-bind, host-bind and host-image mount points on the command
line. Openshift needs this feature.
---
bin/virt-sandbox-service| 38 --
[sandbox PATCH] Add support for virt-sandbox-service to add
From: Dan Walsh dwa...@redhat.com
Add similar support to virt-sandbox-service that is in virt-sandbox
to add guest-bind, host-bind and host-image mount points on the command
line. Openshift needs this feature.
---
bin/virt-sandbox-service| 15 +
From: Dan Walsh dwa...@redhat.com
Currently the /proc/meminfo is labeled fusefs_t rather than proc_t.
SELinux blocks openshift instances from reading fusefs_t, this
patch sets the file to the default label of /proc/meminfo
---
src/lxc/lxc_container.c | 24
1 file
Second Pass...
[PATCH 1/1] Fuse file system mounted at /proc/meminfo needs correct
[PATCH] Fuse file system mounted at /proc/meminfo needs correct
From: Dan Walsh dwa...@redhat.com
Currently the /proc/meminfo is labeled fusefs_t rather than proc_t.
SELinux blocks openshift instances from reading fusefs_t, this
patch sets the file to the default label of /proc/meminfo
---
.gnulib | 2 +-
src/lxc/lxc_container.c | 25
From: Dan Walsh dwa...@redhat.com
OpenShift will be creating the path within its management layer.
---
bin/virt-sandbox-service | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 31aa6a1..dd30993 100755
---
From: Dan Walsh dwa...@redhat.com
We want to make sure we use as little overhead as possible.
If a user connects to a lxc container, it will be the same as executing
a shell within the container.
---
bin/virt-sandbox-service | 15 ++-
1 file changed, 14 insertions(+), 1 deletion(-)
This patch set is adding support for UID/GID/USERNAME/USERDIR for use with
openshift
containers
Also fixes virt-sandbox-service to not complain if the destdir has been
precreated.
Finally we also do not want excess processes running within containers
(/bin/sh).
[sandbox PATCH 1/3] Add
From: Dan Walsh dwa...@redhat.com
Openshift Containers will be run with a unique UID and GID
---
bin/virt-sandbox-service| 43 +--
bin/virt-sandbox-service-bash-completion.sh | 8 +++--
bin/virt-sandbox-service-create.pod | 53
From: Dan Walsh dwa...@redhat.com
Also cleanup some formatting issues in man pages.
---
bin/virt-sandbox-service-create.pod | 45 -
1 file changed, 40 insertions(+), 5 deletions(-)
diff --git a/bin/virt-sandbox-service-create.pod
From: Dan Walsh dwa...@redhat.com
Also default --homedir, --username, --gid all off of the --uid settings.
But allow the admin to override if required.
---
bin/virt-sandbox-service | 33 +
1 file changed, 29 insertions(+), 4 deletions(-)
diff --git
From: Dan Walsh dwa...@redhat.com
We want to limit the number of processes which run within a container,
especially for openshift work loads. Eventually we could add an
option if someone wanted to run this shell.
---
bin/virt-sandbox-service | 1 -
1 file changed, 1 deletion(-)
diff --git
This patch set is adding support for UID/GID/USERNAME/USERDIR for use with
openshift
containers
[sandbox PATCH 1/6] Add UID/GID support for use with interactive
[sandbox PATCH 2/6] We should not turn on the sandbox shell by
[sandbox PATCH 3/6] Only create the destination directory if it does
From: Dan Walsh dwa...@redhat.com
Add missing options Identity fields for new InteractiveContainer
---
bin/virt-sandbox-service-bash-completion.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bin/virt-sandbox-service-bash-completion.sh
From: Dan Walsh dwa...@redhat.com
Openshift Containers will be run with a unique UID and GID
---
bin/virt-sandbox-service | 18 --
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index ad01649..d3dceea 100755
---
From: Dan Walsh dwa...@redhat.com
If a user specifies a path that already exists, we should just
use the path.
---
bin/virt-sandbox-service | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 6524a05..308b871 100755
---
From: Dan Walsh dwa...@redhat.com
We want to limit the number of processes which run within a container,
especially for openshift work loads. Eventually we could add an
option if someone wanted to run this shell.
---
bin/virt-sandbox-service | 1 -
1 file changed, 1 deletion(-)
diff --git
From: Dan Walsh dwa...@redhat.com
Openshift Containers will be run with a unique UID and GID
---
bin/virt-sandbox-service | 18 --
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index ad01649..d3dceea 100755
---
From: Dan Walsh dwa...@redhat.com
If a user specifies a path that already exists, we should just
use the path.
---
bin/virt-sandbox-service | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 6524a05..308b871 100755
---
Combined all UID/GID patches, taking into account Dan Berrange's feedback.
Now UID will be based off the current UID.
Sandbox Shell is no longer used when using LXC containers. Connect will
now just execute a shell within the container.
[sandbox PATCH 1/6] Add UID/GID support for use with