[Kimchi-devel] [PATCH] Set virt_use_nfs when NFS pool is added.

Royce Lv lvroyce at linux.vnet.ibm.com
Tue Apr 1 06:24:18 UTC 2014 

On 2014年03月29日 05:20, Christy Perez wrote:
> selinux has a special boolean to make it easier for disk images
> to be stored on a remote NFS server. Set this to true when a user
> adds an NFS storage pool.
>
> Most virtualzation documentation recommends that this be set
> to true. For example:
> http://www.ovirt.org/Troubleshooting_NFS_Storage_Issues
> http://fedoraproject.org/wiki/How_to_debug_Virtualization_problems
>
> This will leave it set to true, even if
> the user removes NFS storage pools. It is not a security risk, and
> we should not set it to False in case it had already been set by the
> user for another non-kimchi use.
>
> Signed-off-by: Christy Perez <christy at linux.vnet.ibm.com>
> ---
>   src/kimchi/i18n.py               | 2 ++
>   src/kimchi/model/storagepools.py | 5 +++++
>   2 files changed, 7 insertions(+)
>
> diff --git a/src/kimchi/i18n.py b/src/kimchi/i18n.py
> index d45f607..8ade7d7 100644
> --- a/src/kimchi/i18n.py
> +++ b/src/kimchi/i18n.py
> @@ -144,6 +144,8 @@ messages = {
>       "KCHPOOL0034E": _("Unable to deactivate pool %(name)s as it is associated with some templates"),
>       "KCHPOOL0035E": _("Unable to delete pool %(name)s as it is associated with some templates"),
>       "KCHPOOL0036E": _("A volume group named '%(name)s' already exists. Please, choose another name to create the logical pool."),
> +    "KCHPOOL0037E": _("Unable to set selinux bool virt_use_nfs for NFS pool usage. Depending on \
> +                       your NFS config, this may prevent the pool from being used."),
>
>       "KCHVOL0001E": _("Storage volume %(name)s already exists"),
>       "KCHVOL0002E": _("Storage volume %(name)s does not exist in storage pool %(pool)s"),
> diff --git a/src/kimchi/model/storagepools.py b/src/kimchi/model/storagepools.py
> index 92b2496..d279ffa 100644
> --- a/src/kimchi/model/storagepools.py
> +++ b/src/kimchi/model/storagepools.py
> @@ -126,6 +126,11 @@ class StoragePoolsModel(object):
>               kimchi_log.error("Problem creating Storage Pool: %s", e)
>               raise OperationFailed("KCHPOOL0007E",
>                                     {'name': name, 'err': e.get_error_message()})
> +        if params['type'] == 'netfs':
> +            output, error, returncode = run_command(['setsebool', '-P',
> +                                                    'virt_use_nfs=1'])
1. what about turn this on when start kimchi? Cause we just need to 
enable this for the first time.
2. For Debian using apparmor, it does not have setsebool, I think this 
need to be handled too.
> +            if error or returncode:
> +                kimchi_log.error('KCHPOOL0037E')
>           return name
>
>       def _clean_scan(self, pool_name):

More information about the Kimchi-devel mailing list