virt-v2v/0013-Update-common-submodul...

From 6dea82d823c344af0277bb35de789828cfd3e413 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 22 Apr 2023 09:06:01 +0100
Subject: [PATCH] Update common submodule

Richard W.M. Jones (1):
      mlcustomize/SELinux_relabel.ml: Use Array.mem

Roman Kagan (1):
      mlcustomize: skip SELinux relabeling if it's disabled

(cherry picked from commit e83de8abe6c5388585885cef28d7a198b7bfc90c)
---
 common | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Submodule common 70c10a07..38e6988c:
diff --git a/common/mlcustomize/SELinux_relabel.ml b/common/mlcustomize/SELinux_relabel.ml
index 5ecf7bd7..2f3a09bf 100644
--- a/common/mlcustomize/SELinux_relabel.ml
+++ b/common/mlcustomize/SELinux_relabel.ml
@@ -24,10 +24,6 @@ open Printf
 
 module G = Guestfs
 
-(* Simple reimplementation of Array.mem, available only with OCaml >= 4.03. *)
-let array_find a l =
-  List.mem a (Array.to_list l)
-
 let rec relabel (g : G.guestfs) =
   (* Is the guest using SELinux?  (Otherwise this is a no-op). *)
   if is_selinux_guest g then (
@@ -59,14 +55,24 @@ and use_setfiles g =
   g#aug_load ();
   debug_augeas_errors g;
 
+  let config_path = "/files/etc/selinux/config" in
+  let config_keys = g#aug_ls config_path in
+  (* SELinux may be disabled via a setting in config file *)
+  let selinux_disabled =
+    let selinuxmode_path = config_path ^ "/SELINUX" in
+    if Array.mem selinuxmode_path config_keys then
+      g#aug_get selinuxmode_path = "disabled"
+    else
+      false in
+  if selinux_disabled then
+      failwith "selinux disabled";
+
   (* Get the SELinux policy name, eg. "targeted", "minimum".
    * Use "targeted" if not specified, just like libselinux does.
    *)
   let policy =
-    let config_path = "/files/etc/selinux/config" in
     let selinuxtype_path = config_path ^ "/SELINUXTYPE" in
-    let keys = g#aug_ls config_path in
-    if array_find selinuxtype_path keys then
+    if Array.mem selinuxtype_path config_keys then
       g#aug_get selinuxtype_path
     else
       "targeted" in
recognize "--key /dev/mapper/VG-LV:key:password"; fix %check phase (1) Backport the upstream patches for recognizing the command line option --key /dev/mapper/VG-LV:key:password Similarly to the backports for guestfs-tools BZ#2209280 and libguestfs BZ#2209279, here we need to update the common submodule (thankfully we need not excise any hunks -- we had to do that for libguestfs). Unlike those "single-step" submodule updates however, for virt-v2v we bridge the same submodule commit range 70c10a079a30..b636c3f20a1b in two steps, stopping at commit 38e6988c1864 in the middle. We do that simply because that's how upstream virt-v2v moved; i.e., there are two upstream patches to cherry-pick for advancing our submodule reference. (2) In dist-git commit ef9a918d7e8e, there was a typo: the "test" command was left out. Therefore even our simple test conversion has not been invoked -- see e.g. <https://download.eng.bos.redhat.com/brewroot/vol/rhel-9/packages/virt-v2v/2.3.4/2.el9/data/logs/x86_64/build.log>: > + -s test-data/phony-guests/windows.img > /var/tmp/rpm-tmp.UMecKA: line 48: -s: command not found Unfortunately, incorrectly (not) invoking "test -s" has had results identical to invoking "test -s" correctly and "test -s" failing; therefore we've been just silently skipping our simple conversion, assuming "no non-empty guest disk images". Fix this typo... (3) ... and then run the sole "test-v2v-fedora-luks-on-lvm-conversion.sh" test from the test suite, for verifying the backport in the build environment. (The idea for the future is that we'd run such individual tests whenever backporting patches.) For this, we also start depending (at build time) on the sqlite3 command. resolves: rhbz#2168506 Signed-off-by: Laszlo Ersek <lersek@redhat.com> 2023-06-19 13:50:15 +00:00			`From 6dea82d823c344af0277bb35de789828cfd3e413 Mon Sep 17 00:00:00 2001`
			`From: "Richard W.M. Jones" <rjones@redhat.com>`
			`Date: Sat, 22 Apr 2023 09:06:01 +0100`
			`Subject: [PATCH] Update common submodule`

			`Richard W.M. Jones (1):`
			`mlcustomize/SELinux_relabel.ml: Use Array.mem`

			`Roman Kagan (1):`
			`mlcustomize: skip SELinux relabeling if it's disabled`

			`(cherry picked from commit e83de8abe6c5388585885cef28d7a198b7bfc90c)`
			`---`
			`common \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`Submodule common 70c10a07..38e6988c:`
			`diff --git a/common/mlcustomize/SELinux_relabel.ml b/common/mlcustomize/SELinux_relabel.ml`
			`index 5ecf7bd7..2f3a09bf 100644`
			`--- a/common/mlcustomize/SELinux_relabel.ml`
			`+++ b/common/mlcustomize/SELinux_relabel.ml`
			`@@ -24,10 +24,6 @@ open Printf`

			`module G = Guestfs`

			`-(* Simple reimplementation of Array.mem, available only with OCaml >= 4.03. *)`
			`-let array_find a l =`
			`- List.mem a (Array.to_list l)`
			`-`
			`let rec relabel (g : G.guestfs) =`
			`(* Is the guest using SELinux? (Otherwise this is a no-op). *)`
			`if is_selinux_guest g then (`
			`@@ -59,14 +55,24 @@ and use_setfiles g =`
			`g#aug_load ();`
			`debug_augeas_errors g;`

			`+ let config_path = "/files/etc/selinux/config" in`
			`+ let config_keys = g#aug_ls config_path in`
			`+ (* SELinux may be disabled via a setting in config file *)`
			`+ let selinux_disabled =`
			`+ let selinuxmode_path = config_path ^ "/SELINUX" in`
			`+ if Array.mem selinuxmode_path config_keys then`
			`+ g#aug_get selinuxmode_path = "disabled"`
			`+ else`
			`+ false in`
			`+ if selinux_disabled then`
			`+ failwith "selinux disabled";`
			`+`
			`(* Get the SELinux policy name, eg. "targeted", "minimum".`
			`* Use "targeted" if not specified, just like libselinux does.`
			`*)`
			`let policy =`
			`- let config_path = "/files/etc/selinux/config" in`
			`let selinuxtype_path = config_path ^ "/SELINUXTYPE" in`
			`- let keys = g#aug_ls config_path in`
			`- if array_find selinuxtype_path keys then`
			`+ if Array.mem selinuxtype_path config_keys then`
			`g#aug_get selinuxtype_path`
			`else`
			`"targeted" in`