authorRichard Jones <rjones@trick.home.annexia.org>2009-08-12 16:10:35 +0100
committerRichard Jones <rjones@trick.home.annexia.org>2009-08-12 17:23:40 +0100
commit8157503b09e24667ddab833c1d12dd643ceac71b (patch)
tree0fb16a572fa1fc17cca64a8f0602d0f72412fcc3
parentbf76b637d25fb70f0320caa63e264104112feaab (diff)
Allow selinux=? kernel flag to be controlled.
Adds new API calls to set and get this flag.
-rwxr-xr-xsrc/generator.ml25
-rw-r--r--src/guestfs.c29
2 files changed, 49 insertions, 5 deletions
diff --git a/src/generator.ml b/src/generator.ml
index 8d16945a..0bd9924d 100755
--- a/src/generator.ml
+++ b/src/generator.ml
@@ -761,6 +761,31 @@ C<$major.$minor.$release$extra>
I<Note:> Don't use this call to test for availability
of features. Distro backports makes this unreliable.");
+ ("set_selinux", (RErr, [Bool "selinux"]), -1, [FishAlias "selinux"],
+ [InitNone, Always, TestOutputTrue (
+ [["set_selinux"; "true"];
+ ["get_selinux"]])],
+ "set SELinux enabled or disabled at appliance boot",
+ "\
+This sets the selinux flag that is passed to the appliance
+at boot time. The default is C<selinux=0> (disabled).
+
+Note that if SELinux is enabled, it is always in
+Permissive mode (C<enforcing=0>).
+
+For more information on the architecture of libguestfs,
+see L<guestfs(3)>.");
+
+ ("get_selinux", (RBool "selinux", []), -1, [],
+ [],
+ "get SELinux enabled flag",
+ "\
+This returns the current setting of the selinux flag which
+is passed to the appliance at boot time. See C<guestfs_set_selinux>.
+
+For more information on the architecture of libguestfs,
+see L<guestfs(3)>.");
+
]
(* daemon_functions are any functions which cause some action
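Review bot: The set_selinux description says the flag is "passed to the appliance at boot time" but does not tell callers that it has to be set before the appliance is launched; in the guestfs.c part of this commit the field is only consulted when the kernel command line is built inside guestfs_launch, so a call made afterwards silently changes nothing until the next launch. I would add one sentence to the set_selinux docstring: `This setting only takes effect when the appliance is launched, so call it before C<guestfs_launch>.` The single test only exercises the enabled path; a second test asserting that get_selinux returns false on a fresh handle would pin the documented C<selinux=0> default. The list these two entries are appended to starts before the hunk.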
diff --git a/src/guestfs.c b/src/guestfs.c
index 9560aec0..37869e84 100644
--- a/src/guestfs.c
+++ b/src/guestfs.c
@@ -177,6 +177,8 @@ struct guestfs_h
int memsize; /* Size of RAM (megabytes). */
+ int selinux; /* selinux enabled? */
+
char *last_error;
/* Callbacks. */
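Review bot: The new `selinux` field has no visible initialization anywhere in this commit: the generator text documents a default of selinux=0, but no hunk assigns `g->selinux` when a handle is created. If handle allocation zero-fills the struct this is fine and deserves a comment; if it does not, guestfs_launch reads an uninitialized int and could enable SELinux unintentionally. I would either add an explicit `g->selinux = 0;` where the handle is created or make the field comment carry the contract: `int selinux; /* selinux enabled? 0 unless set; only read by guestfs_launch. */`. struct guestfs_h begins and ends outside the hunk.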
@@ -689,6 +691,19 @@ guestfs_get_memsize (guestfs_h *g)
}
int
+guestfs_set_selinux (guestfs_h *g, int selinux)
+{
+ g->selinux = selinux;
+ return 0;
+}
+
+int
+guestfs_get_selinux (guestfs_h *g)
+{
+ return g->selinux;
+}
+
+int
guestfs_get_pid (guestfs_h *g)
{
if (g->pid > 0)
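Review bot: `guestfs_set_selinux` stores its argument verbatim, so `guestfs_get_selinux` echoes back whatever int the caller passed even though the generator declares the getter as RBool; normalizing with `g->selinux = !!selinux;` keeps the getter to 0/1 at no cost. Neither function has a comment; since the value is only consulted when guestfs_launch builds the kernel command line later in this diff, a one-line note such as `/* Takes effect at the next guestfs_launch; does not alter a running appliance. */` above the setter would save callers a surprise. If the handle records whether the appliance has already been launched, rejecting the setter after launch would make that explicit, but that state is not visible from this hunk.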
@@ -1047,15 +1062,19 @@ guestfs_launch (guestfs_h *g)
"udevtimeout=300 " /* good for very slow systems (RHBZ#480319) */ \
"noapic " /* workaround for RHBZ#502058 - ok if not SMP */ \
"acpi=off " /* we don't need ACPI, turn it off */ \
- "cgroup_disable=memory " /* saves us about 5 MB of RAM */ \
- "selinux=0 " /* SELinux is messed up if there's no policy */
+ "cgroup_disable=memory " /* saves us about 5 MB of RAM */
/* Linux kernel command line. */
snprintf (append, sizeof append,
- LINUX_CMDLINE "guestfs=%s:%d%s%s%s",
+ LINUX_CMDLINE
+ "guestfs=%s:%d "
+ "%s" /* (selinux) */
+ "%s" /* (verbose) */
+ "%s", /* (append) */
VMCHANNEL_ADDR, VMCHANNEL_PORT,
- g->verbose ? " guestfs_verbose=1" : "",
- g->append ? " " : "", g->append ? g->append : "");
+ g->selinux ? "selinux=1 enforcing=0 " : "selinux=0 ",
+ g->verbose ? "guestfs_verbose=1 " : " ",
+ g->append ? g->append : "");
snprintf (memsize_str, sizeof memsize_str, "%d", g->memsize);