[libvirt] [PATCH 12/16] Split Container class definition into Container Class and ServiceContainer Class.

Daniel P. Berrange berrange at redhat.com
Wed Apr 3 12:40:56 UTC 2013


On Tue, Apr 02, 2013 at 06:11:28PM -0400, Dan Walsh wrote:
> This way we can share common methods between the ServiceContainer and the
> InteractiveContainer
> ---
>  bin/virt-sandbox-service | 823 ++++++++++++++++++++++++++---------------------
>  1 file changed, 450 insertions(+), 373 deletions(-)
> 
> diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
> index 9f4941b..f4d0eff 100755
> --- a/bin/virt-sandbox-service
> +++ b/bin/virt-sandbox-service
> @@ -58,56 +58,387 @@ def read_config(name):
>      return LibvirtSandbox.Config.load_from_path(get_config_path(name))
>  
>  class Container:
> +    DEFAULT_PATH       = "/var/lib/libvirt/filesystems"
> +    DEFAULT_IMAGE      = "/var/lib/libvirt/images/%s.raw"
> +    SELINUX_FILE_TYPE  = "svirt_lxc_file_t"
> +
> +    def __init__(self, name=None, uri = "lxc:///", path = DEFAULT_PATH, config=None, create=False):
> +        self.uri = uri
> +        self.use_image = False
> +        self.size = 10 * MB
> +        self.path = path
> +        self.config = None
> +        if self.config:
> +            self.name = self.config.get_name()
> +        else:
> +            self.name = name
> +        self.dest = "%s/%s" % (self.path, self.name)
> +        self.file_type = self.SELINUX_FILE_TYPE
> +        self.conn = None
> +        self.image = None
> +        self.uid = 0
> +
> +    def get_file_type(self):
> +        return self.file_type
> +
> +    def set_file_type(self, file_type):
> +        self.file_type = file_type
> +
> +    def set_uid(self, uid):
> +        self.uid = uid
> +
> +    def get_uid(self):
> +        return self.uid
> +
> +    def get_config_path(self, name = None):
> +        if not name:
> +            name = self.name
> +        return get_config_path(name)
> +
> +    def get_filesystem_path(self, name = None):
> +        if not name:
> +            name = self.get_name()
> +        return self.DEFAULT_PATH + "/" + name
> +
> +    def get_image_path(self, name = None):
> +        if not name:
> +            name = self.get_name()
> +        return self.DEFAULT_IMAGE % name
> +
> +    def set_image(self, size):
> +        self.use_image = True
> +        self.size = size * MB
> +
> +    def set_path(self, path):
> +        self.path = path
> +        self.dest = "%s/%s" % (self.path, self.name)
> +
> +    def get_name(self):
> +        return self.name
> +
> +    def set_name(self, name):
> +        if self.config:
> +            raise ValueError([_("Cannot modify Name")])
> +        self.name = name
> +        self.dest = "%s/%s" % (self.path, self.name)
> +
> +    def set_security(self, val):
> +        return self.config.set_security_opts(val)
> +
> +    def add_network(self, val):
> +        return self.config.add_network_opts(val)
> +
> +    def get_security_dynamic(self):
> +        return self.config.get_security_dynamic()
> +


> +    def get_security_type(self):
> +        try:
> +            if self.config:
> +                con = self.config.get_security_label().split(':')
> +                return con[2]
> +        except:
> +            pass
> +        return "svirt_lxc_net_t"
> +
> +    def get_security_level(self):
> +        try:
> +            if self.config:
> +                con = self.config.get_security_label().split(':')
> +                return ":".join(con[3:])
> +        except:
> +            pass
> +        return "s0"
> +
> +    def get_security_label(self):
> +        return self.config.get_security_label()
> +
> +    def set_security_label(self):
> +        if selinux is None:
> +            return
> +
> +        if self.image or self.get_security_dynamic():
> +            return
> +
> +        selabel = self.get_security_label()
> +        if selabel is None:
> +            raise ValueError([_("Missing security label configuration")])
> +        parts = selabel.split(":")
> +        selinux.chcon(self.dest, "system_u:object_r:%s:%s" % (
> +                self.get_file_type(), ":".join(parts[3:])), True)
> +
> +    def set_security_type(self, security_type):
> +        label = "system_u:system_r:%s:%s" % (security_type, self.get_security_level())
> +        try:
> +            selinux.security_check_context(label)
> +            self.config.set_security_label(label)
> +        except OSError, e:
> +            raise OSError(_("Invalid Security Type %s: %s ") %  (security_type, e))
> +
> +    def set_security_level(self, security_level):
> +        label = "system_u:system_r:%s:%s" % (self.get_security_type(), security_level)
> +        try:
> +            selinux.security_check_context(label)
> +            self.config.set_security_label(label)
> +        except OSError, e:
> +            raise OSError(_("Invalid Security Level %s: %s ") %  (security_level, e))

This patch seems to have had a bad merge. You're adding in new methods
here, which don't exist in the code being removed later. These methods
were things I deleted when removing SELinux-isms from this code.


> @@ -491,10 +701,13 @@ PrivateNetwork=false
>          for f in self.BIND_SYSTEM_FILES:
>              self._makefile(f)
>  
> -        shutil.copy(self.FUNCTIONS, "%s%s" % (self.dest, self.FUNCTIONS))
> +        destpath = self.dest + self.SYSVINIT_PATH
> +        for i in range(7):
> +            os.mkdir(destpath+("/rc%s.d" % i))
> +        os.mkdir(destpath+"/init.d")

This seems to be adding new functionality, not related to plain refactoring

> +        shutil.copy(self.SYSVINIT_PATH + "/init.d/functions" , destpath + "/init.d")
>  
>          self.gen_machine_id()
> -
>          self.gen_hostname()
>  
>          for k in self.LOCAL_LINK_FILES:

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|




More information about the libvir-list mailing list