From e50e8050b42df62b4b4d48867804abf81dca9d20 Mon Sep 17 00:00:00 2001
From: Tim Flink
Date: Fri, 22 Jan 2016 21:38:17 +0000
Subject: [PATCH] adding custom selinux policy to taskotron client machines for qemu-kvm from buildslave
---
 .../files/service-virt-transition.te | 4 ++++
 roles/taskotron/taskotron-client/tasks/main.yml | 12 ++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 roles/taskotron/taskotron-client/files/service-virt-transition.te
diff --git a/roles/taskotron/taskotron-client/files/service-virt-transition.te b/roles/taskotron/taskotron-client/files/service-virt-transition.te
new file mode 100644
index 0000000000..8b83ac5af6
--- /dev/null
+++ b/roles/taskotron/taskotron-client/files/service-virt-transition.te
@@ -0,0 +1,4 @@
+============= unconfined_service_t ==============
+
+allow unconfined_service_t svirt_t:process transition;
+
diff --git a/roles/taskotron/taskotron-client/tasks/main.yml b/roles/taskotron/taskotron-client/tasks/main.yml
index c413a85870..15e9257dd9 100644
--- a/roles/taskotron/taskotron-client/tasks/main.yml
+++ b/roles/taskotron/taskotron-client/tasks/main.yml
@@ -58,6 +58,18 @@
 file: path=/var/log/taskotron state=directory owner=root group={{ slaves_group }} mode=1775
 when: deployment_type in ['dev', 'stg']

+- name: upload custom selinux policy to allow buildslaves to use qemu-kvm
+ copy: path=service-virt-transition.te dest=/root/service-virt-transition.te owner=root group=root mode=0644
+ when: deployment_type in ['dev', 'stg']
+
+- name: compile selinux policy
+ command: chdir=/root/ creates/root/service-virt-transition.pp make -f /usr/share/selinux/devel/Makefile
+ when: deployment_type in ['dev', 'stg']
+
+- name: load custom selinux policy for qemu-kvm from buildslaves
+ command: chdir=/root/ semodule -i /root/service-virt-transition.pp
+ when: deployment_type in ['dev', 'stg']
+
 - name: enable libvirtd
 service: name=libvirtd state=started enabled=yes
 when: deployment_type in ['dev', 'stg']
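Review bot: The new `service-virt-transition.te` does not look compilable as a policy module: it has no `module` declaration, no `require` block for the two types and the `process` class it uses, and its `=============` banner line is not commented out, so the compile task added in `tasks/main.yml` would be expected to fail on it. The rule is also broad on the source side, because it lets every process running as `unconfined_service_t` transition to `svirt_t`, not only the buildslave; if the buildslave can be given its own domain, scoping the rule to that domain would be tighter. A header comment saying which service needs the transition and why would help whoever audits this module later.

```selinux
module service-virt-transition 1.0;

require {
    type unconfined_service_t;
    type svirt_t;
    class process transition;
}

#============= unconfined_service_t ==============
allow unconfined_service_t svirt_t:process transition;
```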
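Review bot: Two of the new tasks have argument typos that are expected to fail the play before the policy is loaded: the `copy` task passes `path=` where the module takes `src=`, and the compile task writes `creates/root/service-virt-transition.pp` without the `=`, so that string becomes the command to execute. The corrected lines would be `copy: src=service-virt-transition.te dest=/root/service-virt-transition.te owner=root group=root mode=0644` and `command: chdir=/root/ creates=/root/service-virt-transition.pp make -f /usr/share/selinux/devel/Makefile`. Once `creates=` works, a later edit to the `.te` file will not be recompiled while the old `.pp` exists, and `semodule -i` reruns on every play. Registering the copy result and running the compile and load steps only when it changed would keep the loaded policy in step with the repository.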