adding custom selinux policy to taskotron client machines for qemu-kvm from buildslave

2026-06-14 22:36:09 +08:00 · 2016-01-22 21:38:17 +00:00
parent f064a1f687
commit e50e8050b4
2 changed files with 16 additions and 0 deletions
--- a/roles/taskotron/taskotron-client/files/service-virt-transition.te
+++ b/roles/taskotron/taskotron-client/files/service-virt-transition.te
@@ -0,0 +1,4 @@
+============= unconfined_service_t ==============
+
+allow unconfined_service_t svirt_t:process transition;
+
--- a/roles/taskotron/taskotron-client/tasks/main.yml
+++ b/roles/taskotron/taskotron-client/tasks/main.yml
@@ -58,6 +58,18 @@
  file: path=/var/log/taskotron state=directory owner=root group={{ slaves_group }} mode=1775
  when: deployment_type in ['dev', 'stg']

+- name: upload custom selinux policy to allow buildslaves to use qemu-kvm
+  copy: path=service-virt-transition.te dest=/root/service-virt-transition.te owner=root group=root mode=0644
+  when: deployment_type in ['dev', 'stg']
+
+- name: compile selinux policy
+  command: chdir=/root/ creates/root/service-virt-transition.pp make -f /usr/share/selinux/devel/Makefile
+  when: deployment_type in ['dev', 'stg']
+
+- name: load custom selinux policy for qemu-kvm from buildslaves
+  command: chdir=/root/ semodule -i /root/service-virt-transition.pp
+  when: deployment_type in ['dev', 'stg']
+
 - name: enable libvirtd
  service: name=libvirtd state=started enabled=yes
  when: deployment_type in ['dev', 'stg']