[Libguestfs] [PATCH 2/7] New internal API: internal_set_libvirt_selinux_label

Richard W.M. Jones rjones at redhat.com
Thu Feb 28 13:58:07 UTC 2013


On Thu, Feb 28, 2013 at 01:46:24PM +0000, Matthew Booth wrote:
> On Thu, 2013-02-28 at 10:57 +0000, Richard W.M. Jones wrote:
> > From: "Richard W.M. Jones" <rjones at redhat.com>
> > 
> > This internal API sets two SELinux labels in the handle (the process
> > label and the image label -- they are closely related).
> > 
> > If using the libvirt attach-method with SELinux and sVirt, then this
> > will cause the following XML to be added to the appliance definition:
> > 
> > <seclabel type=static model=selinux relabel=yes>
> >   <label>[LABEL HERE]</label>
> >   <imagelabel>[IMAGELABEL HERE]</imagelabel>
> > </seclabel>
> 
> We're hard-coding type=static, model=selinux, relabel=yes here. I have
> no idea what the implications of this are. Are we sure this is ok? I
> guess Dan would be the person to ask.

That's definitely one reason why this is an internal API, not a
published one :-)

At the moment my plan is to do what works (which is this), not what is
elegant or even long-term supportable.  I hope in the long term we
could have some XML we could pass to libvirt to say "I want to peek
into the disks of this domain, just do it".

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org
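
As an added example (not part of the original message and not libguestfs code), this Python code emits the `<seclabel>` block from the commit message as well-formed XML and summarises what a domain definition hard-codes in it. The label values and the `guestfs-sample` name are constructed, and comparing the level fields assumes the sVirt convention that the process and image labels share their MCS categories.

```python
import xml.etree.ElementTree as ET

def build_seclabel(label, imagelabel):
    """Build the <seclabel> element from the commit message as well-formed XML."""
    sec = ET.Element("seclabel", {"type": "static", "model": "selinux", "relabel": "yes"})
    ET.SubElement(sec, "label").text = label
    ET.SubElement(sec, "imagelabel").text = imagelabel
    return sec

def mcs_level(context):
    """Return the level field of a user:role:type:level SELinux context."""
    parts = context.split(":", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"not a full SELinux context: {context!r}")
    return parts[3]

def review_seclabels(domain_xml):
    """Summarise every SELinux <seclabel> that is a direct child of <domain>."""
    report = []
    for sec in ET.fromstring(domain_xml).findall("seclabel"):
        if sec.get("model") != "selinux":
            continue
        label = sec.findtext("label")
        imagelabel = sec.findtext("imagelabel")
        entry = {
            "type": sec.get("type"),
            "relabel": sec.get("relabel"),
            "label": label,
            "imagelabel": imagelabel,
            # static = the caller fixed the label; libvirt did not generate it
            "caller_chosen": sec.get("type") == "static",
            "levels_match": None,  # stays None when either label is absent
        }
        if label and imagelabel:
            entry["levels_match"] = mcs_level(label) == mcs_level(imagelabel)
        report.append(entry)
    return report

# Constructed sample: minimal domain carrying the seclabel from the commit message.
PROC = "system_u:system_r:svirt_t:s0:c107,c434"
IMAGE = "system_u:object_r:svirt_image_t:s0:c107,c434"
domain = ET.Element("domain", {"type": "kvm"})
ET.SubElement(domain, "name").text = "guestfs-sample"
domain.append(build_seclabel(PROC, IMAGE))
SAMPLE_XML = ET.tostring(domain, encoding="unicode")

if __name__ == "__main__":
    print(SAMPLE_XML)
    print(review_seclabels(SAMPLE_XML))
```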



