
On 04/01/2014 11:02 AM, Christy Perez wrote:
On Tue, 2014-04-01 at 14:24 +0800, Royce Lv wrote:
On 2014-03-29 05:20, Christy Perez wrote:
selinux has a special boolean to make it easier for disk images to be stored on a remote NFS server. Set this to true when a user adds an NFS storage pool.
Most virtualization documentation recommends that this be set to true. For example: http://www.ovirt.org/Troubleshooting_NFS_Storage_Issues http://fedoraproject.org/wiki/How_to_debug_Virtualization_problems
This will leave it set to true, even if the user removes NFS storage pools. It is not a security risk, and we should not set it to False in case it had already been set by the user for another non-kimchi use.
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com> --- src/kimchi/i18n.py | 2 ++ src/kimchi/model/storagepools.py | 5 +++++ 2 files changed, 7 insertions(+)
diff --git a/src/kimchi/i18n.py b/src/kimchi/i18n.py index d45f607..8ade7d7 100644 --- a/src/kimchi/i18n.py +++ b/src/kimchi/i18n.py @@ -144,6 +144,8 @@ messages = { "KCHPOOL0034E": _("Unable to deactivate pool %(name)s as it is associated with some templates"), "KCHPOOL0035E": _("Unable to delete pool %(name)s as it is associated with some templates"), "KCHPOOL0036E": _("A volume group named '%(name)s' already exists. Please, choose another name to create the logical pool."), + "KCHPOOL0037E": _("Unable to set selinux bool virt_use_nfs for NFS pool usage. Depending on \ + your NFS config, this may prevent the pool from being used."),
I think that log messages do not need to be translated, so you do not need to add it to i18n. I may be wrong, but, for instance, if someone is using kimchi in Chinese, then the log entry will be in Chinese. The Kimchi server might be in another place, where the admin does not necessarily understand Chinese. Can someone confirm this, please?
"KCHVOL0001E": _("Storage volume %(name)s already exists"), "KCHVOL0002E": _("Storage volume %(name)s does not exist in storage pool %(pool)s"), diff --git a/src/kimchi/model/storagepools.py b/src/kimchi/model/storagepools.py index 92b2496..d279ffa 100644 --- a/src/kimchi/model/storagepools.py +++ b/src/kimchi/model/storagepools.py @@ -126,6 +126,11 @@ class StoragePoolsModel(object): kimchi_log.error("Problem creating Storage Pool: %s", e) raise OperationFailed("KCHPOOL0007E", {'name': name, 'err': e.get_error_message()}) + if params['type'] == 'netfs': + output, error, returncode = run_command(['setsebool', '-P', + 'virt_use_nfs=1'])
1. What about turning this on when starting kimchi? Because we just need to enable this for the first time.
I'm okay with that too, but I figured setting it only if it'll be used made more sense. Is there a reason to set it at startup vs this?
2. For Debian using apparmor, it does not have setsebool, I think this needs to be handled too.
I was using the package repository logic of "just try to set it." I figured there were too many "what ifs" to check and went with a simple approach. Is that going to cause issues? Is there an equivalent to virt_use_nfs for Debian? Or will this problem not occur there?
+ if error or returncode: + kimchi_log.error('KCHPOOL0037E') return name
def _clean_scan(self, pool_name):
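Review bot: In the src/kimchi/i18n.py hunk, the new KCHPOOL0037E string is continued with a backslash inside the string literal ("Depending on \"), so any indentation at the start of the following line becomes part of the message text. Keep the message on one line, as the neighbouring KCHPOOL0036E entry does, or split it into two adjacent string literals inside _() so no stray whitespace ends up in the output.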
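Review bot: In the src/kimchi/model/storagepools.py hunk, kimchi_log.error('KCHPOOL0037E') passes the message id as a plain string, so unless the logger resolves ids (nothing in the visible lines shows that it does) the log entry is only the code, and the captured error and returncode are thrown away. Log the reason explicitly, in the style of the kimchi_log.error("Problem creating Storage Pool: %s", e) line just above, and include error and returncode so an administrator can see why setsebool failed. The test "if error or returncode" also counts any stderr text as a failure even when the command exits 0; checking returncode alone is more reliable. Because setsebool -P makes a persistent, host-wide policy change as a side effect of creating a pool, a code comment here and a line in the user documentation would help administrators who audit SELinux settings.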
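The "what ifs" raised in the thread (no setsebool on AppArmor hosts, boolean already set, SELinux disabled) can be checked in a few lines. The following is an added example, not part of the thread or of Kimchi's code; the function name `ensure_virt_use_nfs` and its return values are hypothetical, and `run`/`which` are injectable so the logic can be exercised without SELinux installed.

```python
import shutil
import subprocess

BOOLEAN = "virt_use_nfs"


def ensure_virt_use_nfs(run=subprocess.run, which=shutil.which):
    """Enable the SELinux boolean only where it exists and is off.

    Returns 'unsupported', 'already-on', 'enabled' or 'failed'.
    (Hypothetical helper; names and return values are assumptions.)
    """
    # Hosts without the SELinux tools (for example AppArmor-based ones)
    # have nothing to set; report that instead of logging an error.
    if not which("getsebool") or not which("setsebool"):
        return "unsupported"

    cur = run(["getsebool", BOOLEAN], capture_output=True, text=True)
    # getsebool exits non-zero when SELinux is disabled or the boolean
    # is not defined by the loaded policy.
    if cur.returncode != 0:
        return "unsupported"
    # Normal output looks like: "virt_use_nfs --> on"
    if cur.stdout.strip().endswith("--> on"):
        return "already-on"  # skip the persistent policy rewrite

    # -P writes the value to the policy store so it survives reboots.
    res = run(["setsebool", "-P", BOOLEAN + "=1"],
              capture_output=True, text=True)
    # Judge success by exit status, not by the presence of stderr text.
    return "enabled" if res.returncode == 0 else "failed"


if __name__ == "__main__":
    print(ensure_virt_use_nfs())
```

A caller can log 'failed' as an error with the command's stderr, and treat 'unsupported' as informational.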