[Ovirt-devel] [PATCH node-image] add ovirt semodule in Node
Jim Meyering
jim at meyering.net
Tue Sep 23 06:11:17 UTC 2008
Alan Pevec <apevec at redhat.com> wrote:
> For now, it is only to allow qemu to access disk partitions directly,
> required in order to use iSCSI storage pools with SELinux enabled.
>
> Signed-off-by: Alan Pevec <apevec at redhat.com>
> ---
> common-post.ks | 16 +++++++++++++++-
> 1 files changed, 15 insertions(+), 1 deletions(-)
>
> diff --git a/common-post.ks b/common-post.ks
> index a4f5858..d44324c 100644
> --- a/common-post.ks
> +++ b/common-post.ks
> @@ -43,12 +43,26 @@ cat > /etc/sysconfig/iptables << \EOF
> COMMIT
> EOF
>
> +# make disks available to VMs
> +cat > /tmp/ovirt.te <<EOF

Nice.
One suggestion: if you add single quotes or a backslash ('EOF' or \EOF),

    cat > /tmp/ovirt.te <<\EOF

then the reviewer wouldn't have to examine contents for occurrences
of "$" or `` that would be substituted.

> +module ovirt 1.0.0;
> +require {
> + type fixed_disk_device_t;
> + type qemu_t;
> + class blk_file { ioctl getattr setattr read write };
> +}
> +allow qemu_t fixed_disk_device_t:blk_file { ioctl getattr setattr read write };
> +EOF
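
Review bot: the allow rule at the end of the policy gives qemu_t ioctl, getattr, setattr, read and write on every block device labelled fixed_disk_device_t, which is wider than the iSCSI storage pool case the commit message gives as the reason. Please record next to "# make disks available to VMs" that this is a stopgap, and drop "setattr" if qemu does not need it, or move the pool devices to a dedicated type so that the rule does not also cover the node's own disks.
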
...
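
Added example, not part of the original message or the patch: a small POSIX shell lint that automates the check described in the reply, flagging here-document lines containing "$" or a backquote under an unquoted delimiter. The function name, the sample fragment and its file names are constructed for illustration; only identifier-style delimiters are handled.

```shell
#!/bin/sh
# lint_heredocs FILE: report here-document lines the shell would expand
# because the delimiter is unquoted (<<EOF, not <<\EOF or <<'EOF').
# Returns 1 if anything is reported. Assumes identifier-style delimiters.
lint_heredocs() {
    awk '
    !inside {
        line = $0
        gsub(/<<</, "   ", line)              # ignore bash here-strings
        if (match(line, /<<-?[ \t]*[^A-Za-z_ \t<]?[A-Za-z_][A-Za-z0-9_]*/)) {
            word = substr(line, RSTART, RLENGTH)
            dash = (word ~ /^<<-/)            # <<- strips leading tabs
            sub(/^<<-?[ \t]*/, "", word)
            quoted = (word !~ /^[A-Za-z_]/)   # leading quote or backslash
            sub(/^[^A-Za-z_]/, "", word)
            delim = word; start = NR; inside = 1
        }
        next
    }
    {
        body = $0
        if (dash) sub(/^\t+/, "", body)
        if (body == delim) { inside = 0; next }
        if (!quoted && body ~ /[$`]/) {
            printf "line %d (<<%s opened at line %d): %s\n", NR, delim, start, $0
            found = 1
        }
    }
    END { exit found + 0 }
    ' "$1"
}

# Constructed sample: a kickstart %post fragment (not taken from the patch).
make_sample() {
    cat > "$1" <<'SAMPLE'
cat > /tmp/ovirt.te <<EOF
module ovirt 1.0.0;
EOF
cat > /tmp/a.conf <<EOF
home=$HOME
EOF
cat > /tmp/b.conf <<\EOF
home=$HOME
EOF
SAMPLE
}

sample=$(mktemp)
make_sample "$sample"
lint_heredocs "$sample" || echo "unquoted here-documents need review"
rm -f "$sample"
```

The first here-document in the sample is unquoted but contains nothing to expand, so only the second one is reported; the third is protected by the backslash form suggested in the reply.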