[libvirt] Re: XML representation of security labels
Daniel J Walsh
dwalsh at redhat.com
Fri Aug 29 13:21:13 UTC 2008
Richard W.M. Jones wrote:
> On Fri, Aug 29, 2008 at 06:00:36AM +0100, Daniel P. Berrange wrote:
>> Indeed - I'm not aware of any apps using it yet. It is currently only
>> of marginal benefit, since you can't actually set the label, only see
>> the existing (potentially wrong) label.
>
> It always seemed to me a bit worrying that libvirtd would actually set
> labels on things. James, am I wrong to be worrying about this?
>
> Rich.
>
We can also control the labeles that libvitd can put on objects. So it
will not be able to put random labels on files. Only labels that it owns.
As an example udev can label all devices with device labels, but it is
not allowed to label random files as shadow_t.
More information about the libvir-list
mailing list