From 0aac2d3d8804271eaca33f93650b04f1bd8b249c Mon Sep 17 00:00:00 2001 From: Jan Vcelak Date: Fri, 30 Jul 2010 16:14:55 -0500 Subject: add selinux plugin This patch adds an selinux plugin that sets up an environment with selinux turned *off* in the build chroot. How does this work? From the author's description: It is done the same as the patch sent by Thomas Liu in bz 614440 does. Actually, this proceeding was suggested by Dan Walsh in bz 573111. 1.) Fake /proc/filesystems is created in conf["cachedir"]. It includes the same content as the same file in host environment, except line with selinuxfs. This file is bind mounted into build environment. 2.) Option '--setopt=tsflags=nocontext' is added to yum commands. This is done by wrapping mock.util.do with _selinuxDoYum in "preyum" hook. This function just adds the option and passes the command to original mock.util.do function. The wrapping is removed in "postyum" hook. I didn't find cleaner method, without modifying main code. Signed-off-by: Clark Williams --- py/mock.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'py/mock.py') diff --git a/py/mock.py b/py/mock.py index dd002de..a0e585d 100755 --- a/py/mock.py +++ b/py/mock.py @@ -244,7 +244,7 @@ def setup_default_config_opts(config_opts, unprivUid): # root_cache next. # after that, any plugins that must create dirs (yum_cache) # any plugins without preinit hooks should be last. - config_opts['plugins'] = ('tmpfs', 'root_cache', 'yum_cache', 'bind_mount', 'ccache') + config_opts['plugins'] = ('tmpfs', 'root_cache', 'yum_cache', 'bind_mount', 'ccache', 'selinux') config_opts['plugin_dir'] = os.path.join(PKGPYTHONDIR, "plugins") config_opts['plugin_conf'] = { 'ccache_enable': True, @@ -273,6 +273,8 @@ def setup_default_config_opts(config_opts, unprivUid): 'tmpfs_opts': { 'required_ram_mb': 900, 'max_fs_size': None}, + 'selinux_enable': True, + 'selinux_opts': {}, } # dependent on guest OS -- cgit