sVirt
Paul Howarth
paul at city-fan.org
Sun Jul 5 15:55:04 UTC 2009
On Sun, 5 Jul 2009 11:36:05 +0100
"Daniel P. Berrange" <berrange at redhat.com> wrote:
> > 4. For ISO files, maybe there should be a new/special file context
> > which allows sharing between processes ... it would be explicit but
> > it would allow sharing ... maybe something like "public_content_t".
>
> There is already a label for read only guest images
>
> system_u:object_r:svirt_image_t:s0
>
> it shouldn't be much work for you to add a custom SELinux plugin that
> gives httpd_t access to content labelled svirt_image_t. Ask the
> fedora-selinux mailing list for assistance if needed
Couldn't an ISO image that's already public_content_t (or even
public_content_rw_t) be left alone, as that type is already well-known
and used for sharing this type of content by various means?
Paul.
More information about the fedora-selinux-list
mailing list