[libvirt] Re: XML representation of security labels
Daniel P. Berrange
berrange at redhat.com
Fri Aug 29 07:29:43 UTC 2008
On Fri, Aug 29, 2008 at 08:46:35AM +0200, Daniel Veillard wrote:
> On Fri, Aug 29, 2008 at 06:00:36AM +0100, Daniel P. Berrange wrote:
> > On Fri, Aug 29, 2008 at 01:32:27PM +1000, James Morris wrote:
> > > I'd suggest we implement a new label element to avoid breaking
> > > compatibility and to avoid potential confusion with other types of device
> > > labels (e.g. as you might see via /dev/disk/by-label).
> > >
> > > So, how about the following:
> > >
> > > <seclabel>
> > >
> > > <model>
> > >
> > > <!-- model-specific elements in here, to be handled by
> > > named security driver, in this case "selinux" -->
> > > <selinux>
> > > <type>targeted</type>
> > > </selinux>
> >
> > I'd rather not have security model specific XML element names if
> > practical. We've tried to keep to a naming that is conceptually
> > generic, even if it only has 1 implementation.
>
> right in general we have been using element names for specifying the
> concepts and attributes values to explain the specifics.
>
> >
> > > </model>
> > >
> > > <value>system_u:object_r:virt_image_t:s0</value>
> >
> > Since the interpretation of the 'value' element's contents
> > depends on the type of security model, I think the type
> > is better designated on the parent 'seclabel' element.
> >
> > >
> > > </seclabel>
> >
> > Would this be sufficient...
> >
> > <seclabel model='selinux'>
> > <policy>targeted</policy>
> > <value>system_u:object_r:virt_image_t:s0</value>
> > </seclabel>
>
> that looks more homogeneous. i don't know hos that would map to
> other security models, examples would be great
I've just had a read of the Xen user guide on their ACM security module
http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user.pdf
It kicks off around page 55
In that example a domain is labeled along the lines of 'ACM:mytest:A-Bank'
where 'ACM' is the security model, 'mytest' is the policy name,
and 'A-Bank' is the seclabel value. Disk files have the same breakdown.
This would map quite easily to
<seclabel model='acm'>
<policy>mytest</policy>
<value>A-Bank</value>
</seclabel>
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
More information about the libvir-list
mailing list