[Ovirt-devel] [PATCH node-image] add ovirt semodule in Node
Alan Pevec
apevec at redhat.com
Mon Sep 22 22:26:35 UTC 2008
For now, it is only to allow qemu to access disk partitions directly,
required in order to use iSCSI storage pools with SELinux enabled.
Signed-off-by: Alan Pevec <apevec at redhat.com>
---
common-post.ks | 16 +++++++++++++++-
1 files changed, 15 insertions(+), 1 deletions(-)
diff --git a/common-post.ks b/common-post.ks
index a4f5858..d44324c 100644
--- a/common-post.ks
+++ b/common-post.ks
@@ -43,12 +43,26 @@ cat > /etc/sysconfig/iptables << \EOF
COMMIT
EOF
+# make disks available to VMs
+cat > /tmp/ovirt.te <<EOF
+module ovirt 1.0.0;
+require {
+ type fixed_disk_device_t;
+ type qemu_t;
+ class blk_file { ioctl getattr setattr read write };
+}
+allow qemu_t fixed_disk_device_t:blk_file { ioctl getattr setattr read write };
+EOF
+checkmodule -M -m -o /tmp/ovirt.mod /tmp/ovirt.te
+semodule_package -o /tmp/ovirt.pp -m /tmp/ovirt.mod
+semodule -i /tmp/ovirt.pp
+
echo "Removing excess RPMs"
RPM="rpm -v -e --nodeps"
# kernel pulls in mkinitrd which pulls in isomd5sum which pulls in python,
-# and livecd-tools needs lokkit to disable SELinux.
+# and livecd-tools needs lokkit to configure SELinux.
# However, this is just an install-time dependency; we can remove
# it afterwards, which we do here
$RPM -e system-config-firewall-tui system-config-network-tui rhpl \
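Review bot: The `allow qemu_t fixed_disk_device_t:blk_file { ioctl getattr setattr read write };` rule is wider than the need stated in the commit message. It lets every process in the qemu_t domain read and write every block device labelled fixed_disk_device_t, which covers the Node's local disks as well as the iSCSI LUNs backing storage pools, so the confinement of a compromised guest's qemu process no longer protects host storage. Consider labelling only the pool devices with a dedicated type and granting qemu_t access to that type, and drop `setattr` unless an AVC denial shows it is required. Separately, the exit status of `checkmodule`, `semodule_package` and `semodule -i` is not checked, so a failed build leaves the image without the module and nothing in this post script reports it. /tmp/ovirt.te, /tmp/ovirt.mod and /tmp/ovirt.pp are also left behind in the image. Finally, this heredoc uses an unquoted `<<EOF` where the iptables one above uses `<< \EOF`; the body has no expansions today, but quoting the delimiter keeps it safe if the policy text later gains a `$` or backtick.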
--
1.5.5.1