[libvirt] [sandbox PATCH 1/2] Add virt-sandbox -s inherit, to execute the sandbox from the parent.
Daniel P. Berrange
berrange at redhat.com
Thu Aug 15 08:48:45 UTC 2013
On Tue, Aug 13, 2013 at 01:10:11PM -0400, Dan Walsh wrote:
> This will allow us to run sandbox as the calling process, If I am
> running a shell as staff_u:unconfined_r:unconfined_t:s0, and I
> execute virt-sandbox -c lxc/// -- /bin/sh
>
> /bin/sh will run as staff_u:unconfined_r:unconfined_t:s0
> ---
> bin/virt-sandbox-service.pod | 6 +++++-
> bin/virt-sandbox.c | 9 ++++++++-
> configure.ac | 1 +
> libvirt-sandbox.spec.in | 1 +
> libvirt-sandbox/Makefile.am | 2 ++
> libvirt-sandbox/libvirt-sandbox-config.c | 14 ++++++++++++++
> m4/virt-selinux.m4 | 11 +++++++++++
> 7 files changed, 42 insertions(+), 2 deletions(-)
> create mode 100644 m4/virt-selinux.m4
You've taken what was previously 3 separate patches fixing 3
separate bugs, and merged them into one giant patch. This is
really bad - separate functional fixes must always be kept
as separate patches.
The actual changes look good, but please split it back up
into 3 separate patches & repost.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list