[libvirt] Re: XML representation of security labels
Casey Schaufler
casey at schaufler-ca.com
Fri Aug 29 15:07:10 UTC 2008
James Morris wrote:
> On Fri, 29 Aug 2008, Daniel Veillard wrote:
>
>
>>>> 2. The XML format for security labels needs to be extended to indicate
>>>> which security model is in use, and potentially carry model-specific
>>>> metadata. For SELinux, we may want to know what type of policy is active,
>>>> and later, be able to interpret labels generated on other systems.
>>>>
>> I guess so far we didn't look at the interpretation of security
>> context in the case of migration to a different system. The problem
>> is that except for the base UNIX information, they are likely to be
>> lost. Still I would expect that storage will have to be shared for
>> such migration, so in the end the case of migration of security context
>> values looks like quite improbable, but maybe I don't see some of the
>> use cases (heterogeneous server pools?)
>>
>
> In the simplest case, we'll just be wanting to ensure that domains are
> running with distinct labels for separation purposes, so that concept may
> be possible to convey during migration.
>
> As for specific labels (e.g. "privileged", "company-confidential" etc.),
> this is a general problem to be solved for distributed MAC security, and
> we would not expect to solve it here in the first iteration. There's a
> term used in this area called Domain of Interpretation (DOI), which is
> essentially label metadata used to interpret/translate labels between
> systems. It's something that can be added to the XML if/when needed, but
> we don't need it now.
>
> The Labeled NFS and labeled networking projects are addressing similar
> issues, and it's possible that one or both would be involved in
> distributing sVirt across the network.
>
>
>
>>> <seclabel model='selinux'>
>>> <policy>targeted</policy>
>>> <value>system_u:object_r:virt_image_t:s0</value>
>>> </seclabel>
>>>
>> that looks more homogeneous. I don't know how that would map to
>> other security models, examples would be great
>>
>
> I've cc'd Casey, who wrote Smack. I'm not sure what the application of
> Smack would be here (and Casey may not like the idea at all), but it is a
> label-based MAC system.
>
>

<seclabel model='Smack'>
  <value>_</value>
</seclabel>

Seems like a lot of mechanism to pass a string, but this is the 21st
century.

> (The thread starts here:
> https://www.redhat.com/archives/libvir-list/2008-August/msg00740.html)
>
>
> - James
>
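
Added example, not part of the original thread and not libvirt code: a small parser for the <seclabel> form proposed above (a model attribute, an optional <policy>, a <value>) that also reports domains sharing a label within the same model, the separation property mentioned in the thread. The function names, guest names and DOCTYPE rejection are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def parse_seclabel(xml_text):
    """Return (model, policy, value) from one proposed <seclabel> element."""
    if "<!DOCTYPE" in xml_text:  # assumption: labels never need a DTD, so refuse entity tricks
        raise ValueError("DOCTYPE not allowed in seclabel XML")
    elem = ET.fromstring(xml_text)
    if elem.tag != "seclabel":
        raise ValueError("expected <seclabel>, got <%s>" % elem.tag)
    model = elem.get("model")
    if not model:
        raise ValueError("seclabel has no model attribute")
    value = elem.findtext("value")
    if value is None or not value.strip():
        raise ValueError("seclabel has no <value>")
    policy = elem.findtext("policy")  # optional: the Smack form carries none
    return (model, policy.strip() if policy else None, value.strip())

def shared_labels(domains):
    """Map (model, value) -> sorted domain names for every label used by
    more than one domain, i.e. domains that are not separated by label."""
    seen = defaultdict(list)
    for name, xml_text in domains.items():
        model, _policy, value = parse_seclabel(xml_text)
        seen[(model, value)].append(name)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed sample input: the two elements from the thread, one reused.
SELINUX = """<seclabel model='selinux'>
<policy>targeted</policy>
<value>system_u:object_r:virt_image_t:s0</value>
</seclabel>"""
SMACK = "<seclabel model='Smack'><value>_</value></seclabel>"
DOMAINS = {"guest-a": SELINUX, "guest-b": SMACK, "guest-c": SELINUX}

if __name__ == "__main__":
    for label, names in shared_labels(DOMAINS).items():
        print("label shared by", names, "->", label)
```
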