(69 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
| == About Me ==
| |
| I'm a part of the Anaconda team at Red Hat. Specifically, my work focuses on support for secondary architectures (s390x, ppc) and text UI.
| |
|
| |
| Prior to coming to Red Hat, I was a Linux sysadmin at an engineering school. My work there involved service migration/consolidation, automating and customizing kickstart installs, packaging custom RPMs, and a small amount of identity management.
| |
|
| |
| Non-work interests of mine include SELinux, breakfast, and Star Trek.
| |
|
| |
| == Contact == | | == Contact == |
| * '''Email''': sbueno at redhat dot com | | * '''Email''': sbueno at redhat dot com |
| * '''IRC''': sbueno on freenode | | * '''IRC''': sbueno on liberachat |
| * '''Fedora Account''': sbueno | | * '''Fedora Account''': sbueno |
| * '''Time Zone''': EST5EDT | | * '''Time Zone''': EST/EDT. |
| * '''Location''': Cambridge, MA
| |
| | |
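Review bot: on the right-hand side of the Time Zone line, `EST/EDT.` ends with a stray period that none of the other list items carry; drop it so the Contact list stays consistent. The IRC line now reads `liberachat`, which would be clearer written as the network's name, Libera.Chat. The Location line has no right-hand counterpart, so confirm that removing it is intended rather than an accidental deletion.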
| == SELinux and virtualization ==
| |
| A lot of people I know turn SELinux off in order to get virtualization working. Not cool. If you're having problems, these are the minor tweaks I made to SELinux on my F17 system to get things running smoothly. These notes are copied from my runlogs, so excuse the brevity. Hopefully I didn't accidentally leave anything out since I worked pretty quickly.
| |
| | |
| * selinux tools; probably don't need all of these, but I like them there
| |
| <code>yum install policycoreutils policycoreutils-newrole policycoreutils-restorecond setools setools-console policycoreutils</code>
| |
| | |
| * by default I make /var about 08GB; unfortunately, libvirt stores images in here, so space quickly becomes an issue for me; no matter, just move things elsewhere....
| |
| <pre>
| |
| cd /var/lib
| |
| mv -f libvirt/ /scratch/
| |
| ln -s /scratch/libvirt/ .
| |
| #
| |
| # now fix the selinux fcontext for that dir
| |
| restorecon -R -F /scratch/libvirt
| |
| # I feel you should be able to set an equivalence class between /var/lib/libvirt and /scratch/libvirt;
| |
| # alas, it didn't work for whatever reason, so this was the next best thing
| |
| semange fcontext -S targeted -a -t var_libvirt_t /scratch/libvirt
| |
| restorecon -vv -F /scratch/libvirt
| |
| </pre>
| |
| | |
| * change selinux user mapping for my user created at install time
| |
| <code>semanage login -a -s staff_u sbueno</code>
| |
| | |
| * change the default selinux user mapping for future new users (don't want any unconfined_u's running around....)
| |
| <code>semanage login -m -S targeted -s "user_u" -r s0 __default__</code>
| |
| | |
| * time to fulfil virtualization needs
| |
| <code>yum install qemu-kvm libvirt-daemon-kvm qemu-kvm-tools virt-manager x3270-x11 tigervnc</code>
| |
| | |
| * fix some booleans since virtualization is a cluster of AVCs by default
| |
| <pre>
| |
| # HINT: you can do this via setsebool -P also, but you can only change one
| |
| # boolean at a time that way, meaning the policy will need to be recompiled
| |
| # for every single boolean you want to flip; do it this way and only recompile
| |
| # the policy once
| |
| semanage -S targeted -i - << EOF
| |
| boolean -m --on staff_use_svirt
| |
| boolean -m --on virt_use_execmem
| |
| boolean -m --on virt_use_nfs
| |
| boolean -m --on virt_use_sysfs
| |
| boolean -m --on virt_use_usb
| |
| boolean -m --on virt_use_xserver
| |
| EOF
| |
| </pre>
| |
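Review bot: every line of the "SELinux and virtualization" section has an empty right-hand column, so the new revision appears to drop the notes entirely; if they are meant to live on elsewhere, two defects in the left-hand text should be fixed before they are copied. The fcontext line spells the command `semange` (it should be `semanage`), and its path spec `/scratch/libvirt` has no `(/.*)?` suffix, so the rule matches only the directory itself and not the images beneath it. The `restorecon -R -F /scratch/libvirt` call also runs before the rule is added, so the recursive relabel happens before the custom context exists and the later `restorecon -vv -F` is not recursive.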