openkylin
/
libvirt
mirror of https://gitee.com/openkylin/libvirt.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Detect location fo selinux mount point 

The SELinux mount point moved from /selinux to /sys/fs/selinux
when systemd came along.

* configure.ac: Probe for SELinux mount point
* src/lxc/lxc_container.c: Use SELinux mount point determined
  by configure.ac
This commit is contained in:
Daniel P. Berrange 2012-03-26 16:39:30 +01:00
parent 05e981df2d
commit eb8f31c16b
2 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
configure.ac
View File

@ -1238,6 +1238,10 @@ AC_ARG_WITH([selinux],
AC_HELP_STRING([--with-selinux], [use SELinux to manage security @<:@default=check@:>@]), AC_HELP_STRING([--with-selinux], [use SELinux to manage security @<:@default=check@:>@]),
[], [],
[with_selinux=check]) [with_selinux=check])
AC_ARG_WITH([selinux_mount],
AC_HELP_STRING([--with-selinux-mount], [set SELinux mount point @<:@default=check@:>@]),
[],
[with_selinux_mount=check])
SELINUX_CFLAGS= SELINUX_CFLAGS=
SELINUX_LIBS= SELINUX_LIBS=
@ -1261,7 +1265,20 @@ if test "$with_selinux" != "no"; then
LIBS="$old_libs" LIBS="$old_libs"
fi fi
if test "$with_selinux" = "yes"; then if test "$with_selinux" = "yes"; then
AC_MSG_CHECKING([SELinux mount point])
if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
if test -d /sys/fs/selinux ; then
SELINUX_MOUNT=/sys/fs/selinux
else
SELINUX_MOUNT=/selinux
fi
else
SELINUX_MOUNT=$with_selinux_mount
fi
AC_MSG_RESULT([$SELINUX_MOUNT])
SELINUX_LIBS="-lselinux" SELINUX_LIBS="-lselinux"
AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point])
AC_DEFINE_UNQUOTED([HAVE_SELINUX], 1, [whether basic SELinux functionality is available]) AC_DEFINE_UNQUOTED([HAVE_SELINUX], 1, [whether basic SELinux functionality is available])
dnl We prefer to use <selinux/label.h> and selabel_open, but can fall dnl We prefer to use <selinux/label.h> and selabel_open, but can fall
dnl back to matchpathcon for the sake of RHEL 5's version of libselinux. dnl back to matchpathcon for the sake of RHEL 5's version of libselinux.
@ -2640,7 +2657,7 @@ AC_MSG_NOTICE([ Disk: $with_storage_disk])
AC_MSG_NOTICE([]) AC_MSG_NOTICE([])
AC_MSG_NOTICE([Security Drivers]) AC_MSG_NOTICE([Security Drivers])
AC_MSG_NOTICE([]) AC_MSG_NOTICE([])
AC_MSG_NOTICE([ SELinux: $with_secdriver_selinux]) AC_MSG_NOTICE([ SELinux: $with_secdriver_selinux ($SELINUX_MOUNT)])
AC_MSG_NOTICE([AppArmor: $with_secdriver_apparmor]) AC_MSG_NOTICE([AppArmor: $with_secdriver_apparmor])
AC_MSG_NOTICE([]) AC_MSG_NOTICE([])
AC_MSG_NOTICE([Driver Loadable Modules]) AC_MSG_NOTICE([Driver Loadable Modules])

6
src/lxc/lxc_container.c
View File

@ -444,8 +444,10 @@ static int lxcContainerMountBasicFS(const char *srcprefix, bool pivotRoot)
{ false, "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, { false, "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
{ true, "/sys", "/sys", NULL, NULL, MS_BIND }, { true, "/sys", "/sys", NULL, NULL, MS_BIND },
{ true, "/sys", "/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, { true, "/sys", "/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
{ true, "/selinux", "/selinux", NULL, NULL, MS_BIND }, #if HAVE_SELINUX
{ true, "/selinux", "/selinux", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, { true, SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND },
{ true, SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
#endif
}; };
int i, rc = -1; int i, rc = -1;
char *opts = NULL; char *opts = NULL;