diff --git a/python-virtinst.spec b/python-virtinst.spec index 9d51512..1f3d2d5 100644 --- a/python-virtinst.spec +++ b/python-virtinst.spec @@ -17,7 +17,7 @@ Summary: Python modules and utilities for installing virtual machines Name: python-%{appname} Version: 0.400.3 -Release: 3%{_extra_release} +Release: 4%{_extra_release} Source0: http://virt-manager.org/download/sources/%{appname}/%{appname}-%{version}.tar.gz Patch1: %{appname}-%{version}-fix-virtimage-scratch.patch Patch2: %{appname}-%{version}-hostdev-libvirt-calls.patch @@ -87,6 +87,9 @@ rm -rf $RPM_BUILD_ROOT %{_bindir}/virt-convert %changelog +* Fri Apr 3 2009 Daniel P. Berrange - 0.400.4-fc11 +- Attempt to fix SELinux labelling on CDROM ISOs used for installation + * Fri Apr 3 2009 Daniel P. Berrange - 0.400.3-fc11 - Set SELinux context on $HOME/.virtinst to make kernel/initrd boot work (rhbz #491052) diff --git a/virtinst-0.400.3-selinux-context.patch b/virtinst-0.400.3-selinux-context.patch index 5320f6b..bdd02e3 100644 --- a/virtinst-0.400.3-selinux-context.patch +++ b/virtinst-0.400.3-selinux-context.patch 
@@ -1,3 +1,46 @@
+diff -rup virtinst-0.400.3.orig/virtinst/CapabilitiesParser.py virtinst-0.400.3.new/virtinst/CapabilitiesParser.py
+--- virtinst-0.400.3.orig/virtinst/CapabilitiesParser.py 2009-03-10 03:32:15.000000000 +0000
++++ virtinst-0.400.3.new/virtinst/CapabilitiesParser.py 2009-04-03 19:15:33.000000000 +0100
+@@ -93,6 +93,7 @@ class Host(object):
+
+ self.features = CapabilityFeatures()
+ self.topology = None
++ self.secmodel = None
+
+ if not node is None:
+ self.parseXML(node)
+@@ -103,6 +104,9 @@ class Host(object):
+ if child.name == "topology":
+ self.topology = Topology(child)
+
++ if child.name == "secmodel":
++ self.secmodel = SecurityModel(child)
++
+ if child.name != "cpu":
+ child = child.next
+ continue
+@@ -252,6 +256,21 @@ class TopologyCPU(object):
+ self.id = int(node.prop("id"))
+
+
++class SecurityModel(object):
++ def __init__(self, node = None):
++ self.model = None
++ self.doi = None
++
++ if not node is None:
++ self.parseXML(node)
++
++ def parseXML(self, node):
++ child = node.children
++ if child.name == "model":
++ self.model = child.content
++ elif cihld.name == "doi":
++ self.doi == child.content
++
+ class Capabilities(object):
+ def __init__(self, node = None):
+ self.host = None
 diff -rup virtinst-0.400.3.orig/virtinst/Installer.py virtinst-0.400.3.new/virtinst/Installer.py
 --- virtinst-0.400.3.orig/virtinst/Installer.py 2009-03-10 03:32:15.000000000 +0000
 +++ virtinst-0.400.3.new/virtinst/Installer.py 2009-04-03 18:15:10.000000000 +0100
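Review bot: `SecurityModel.parseXML` inspects only `node.children`, the first child, with no walk over its siblings, so when that node is not `<model>` (a whitespace text node, for example) `self.model` stays `None`. The caller added in VirtualDisk.py then logs "Security model is not selinux" and skips the label check without any error. The `doi` branch cannot work either: `cihld.name` raises NameError and `self.doi == child.content` compares instead of assigning. Walk the siblings with `child = child.next`, as `Host.parseXML` in this same patch does, and correct both lines of the `doi` branch.

```python
    def parseXML(self, node):
        child = node.children
        while child:
            if child.name == "model":
                self.model = child.content
            elif child.name == "doi":
                self.doi = child.content
            child = child.next
```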
@@ -33,3 +76,97 @@ diff -rup virtinst-0.400.3.orig/virtinst/Installer.py virtinst-0.400.3.new/virti scratchdir = property(get_scratchdir) def get_cdrom(self): +Only in virtinst-0.400.3.new/virtinst: virtinst-0.400.3-selinux-context.patch +diff -rup virtinst-0.400.3.orig/virtinst/VirtualDisk.py virtinst-0.400.3.new/virtinst/VirtualDisk.py +--- virtinst-0.400.3.orig/virtinst/VirtualDisk.py 2009-03-10 03:32:15.000000000 +0000 ++++ virtinst-0.400.3.new/virtinst/VirtualDisk.py 2009-04-03 19:23:49.000000000 +0100 +@@ -28,6 +28,7 @@ import _util + import Storage + from VirtualDevice import VirtualDevice + from virtinst import _virtinst as _ ++from CapabilitiesParser import parse as parseCapabilities + + def _vdisk_create(path, size, kind, sparse = True): + force_fixed = "raw" +@@ -557,7 +558,6 @@ class VirtualDisk(VirtualDevice): + # vdisk _is_ a directory. + raise ValueError(_("The path '%s' must be a file or a " + "device, not a directory") % self.path) +- # XXX: Any selinux validation checks should go here + + self.__set_dev_type() + return True +@@ -605,6 +605,8 @@ class VirtualDisk(VirtualDevice): + @param progresscb: progress meter + @type progresscb: instanceof urlgrabber.BaseMeter + """ ++ self.setup_security_context() ++ + if self.vol_object: + return + elif self.vol_install: +@@ -651,7 +653,63 @@ class VirtualDisk(VirtualDevice): + os.close(fd) + if progresscb: + progresscb.end(size_bytes) +- # FIXME: set selinux context? 
++
++ def setup_security_context(self):
++ logging.info("Setting up security contexts")
++ if self.device != VirtualDisk.DEVICE_CDROM:
++ return
++
++ caps = parseCapabilities(self.conn.getCapabilities())
++ if caps.host.secmodel is None:
++ logging.info("No security model active")
++ return
++ if caps.host.secmodel.model != "selinux":
++ logging.info("Security model is not selinux")
++ return
++
++ wantLabel = "system_u:object_r:virt_content_t:s0"
++ changeLabel = False
++ if self.vol_object:
++ xml = self.vol_object.XMLDesc(0)
++ label = _util.get_xml_path(xml, "/volume/target/permissions/label")
++
++ if label == wantLabel:
++ logging.info("Labelling is correct")
++ return
++
++ if _util.is_uri_remote(self.conn.getURI()):
++ raise ValueError, _("Install volume %s has incorrect SELinux label %s, expecting %s" %
++ (self.path, label, wantLabel))
++ else:
++ changeLabel = True
++ elif self.path:
++ try:
++ import selinux
++ con = selinux.getfilecon(self.path)
++ if con == wantLabel:
++ logging.info("Labelling is correct")
++ return
++
++ if _util.is_remote_uri(self.conn.URI()):
++ raise ValueError, _("Install volume %s has incorrect SELinux label %s, expecting %s" %
++ (self.path, label, wantLabel))
++ else:
++ if self.path[0:4] == "/dev":
++ logging.info("Not changing context on physical device")
++ else:
++ changeLabel = True
++ except Exception, e:
++ logging.error("Failed to validate SELinux labelling: %s. Assuming its OK" % str(e))
++
++ if changeLabel:
++ try:
++ import selinux
++ selinux.setfilecon(self.path, wantLabel)
++ logging.info("Changed SELinux label to %s" % wantLabel)
++ except Exception, e:
++ raise ValueError, _(("Unable to fix install volume SELinux labelling: %s\n" % str(e)) +
++ ("Please run 'chcon %s %s' manually and retry installation" % (wantLabel, self.path)))
++
+
+ def get_xml_config(self, disknode=None):
+ """
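Review bot: In `setup_security_context`, the `elif self.path:` branch appears to wrap both the label check and its own deliberate `raise ValueError` in one `try` whose `except Exception` only logs "Assuming its OK", so a wrong label on a remote connection is never reported (indentation is lost in this view, so the extent of the `try` is inferred). The same handler hides two further errors on that path: the message formats `label`, which is assigned only in the `vol_object` branch, and the remote test is spelled `_util.is_remote_uri(self.conn.URI())` where the volume branch uses `_util.is_uri_remote(self.conn.getURI())`. The `try` should cover only the import and the `getfilecon` call, with the comparison and the raise after it; libselinux's Python `getfilecon` returns an `[rc, context]` pair as far as I know, so the context must be taken from index 1 before comparing with `wantLabel`, otherwise the file is relabelled on every run. Separately, `self.path[0:4] == "/dev"` also matches paths such as `/devel/...`, and `self.path.startswith("/dev/")` is the narrower test.

```python
        elif self.path:
            try:
                import selinux
                # getfilecon() returns [rc, context]; compare the context string only
                con = selinux.getfilecon(self.path)[1]
            except Exception, e:
                logging.error("Failed to validate SELinux labelling: %s. Assuming its OK" % str(e))
                return

            # ... unchanged: "Labelling is correct" early return when con == wantLabel ...

            if _util.is_uri_remote(self.conn.getURI()):
                raise ValueError, _("Install volume %s has incorrect SELinux label %s, expecting %s" %
                                    (self.path, con, wantLabel))
            elif self.path.startswith("/dev/"):
                logging.info("Not changing context on physical device")
            else:
                changeLabel = True
```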