[libvirt] Re: XML representation of security labels

Daniel P. Berrange berrange at redhat.com
Fri Aug 29 07:29:43 UTC 2008


On Fri, Aug 29, 2008 at 08:46:35AM +0200, Daniel Veillard wrote:
> On Fri, Aug 29, 2008 at 06:00:36AM +0100, Daniel P. Berrange wrote:
> > On Fri, Aug 29, 2008 at 01:32:27PM +1000, James Morris wrote:
> > > I'd suggest we implement a new label element to avoid breaking 
> > > compatibility and to avoid potential confusion with other types of device 
> > > labels (e.g. as you might see via /dev/disk/by-label).
> > > 
> > > So, how about the following:
> > > 
> > >    <seclabel>
> > > 
> > >        <model>
> > > 
> > >            <!-- model-specific elements in here, to be handled by 
> > >                 named security driver, in this case "selinux" -->
> > >            <selinux>
> > >                <type>targeted</type>
> > >            </selinux>
> > 
> > I'd rather not have security model specific XML element names if
> > practical. We've tried to keep to a naming that is conceptually
> > generic, even if it only has 1 implementation.
> 
>   Right, in general we have been using element names for specifying the
> concepts and attribute values to explain the specifics.
> 
> > 
> > >        </model>
> > > 
> > >        <value>system_u:object_r:virt_image_t:s0</value>
> > 
> > Since the interpretation of the 'value' element's contents
> > depends on the type of security model, I think the type
> > is better designated on the parent 'seclabel' element. 
> > 
> > > 
> > >    </seclabel>
> > 
> > Would this be sufficient...
> > 
> >    <seclabel model='selinux'>
> >       <policy>targeted</policy>
> >       <value>system_u:object_r:virt_image_t:s0</value>
> >    </seclabel>
> 
>   That looks more homogeneous. I don't know how that would map to
> other security models, examples would be great

I've just had a read of the Xen user guide on their ACM security module

http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user.pdf

It kicks off around page 55

In that example a domain is labeled along the lines of 'ACM:mytest:A-Bank'
where 'ACM' is the security model, 'mytest' is the policy name,
and 'A-Bank' is the seclabel value. Disk files have the same breakdown.
This would map quite easily to 

  <seclabel model='acm'>
       <policy>mytest</policy>
       <value>A-Bank</value>
  </seclabel>



Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
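
The mapping discussed in this message, as an added example that is not part of the original post and is not libvirt code: it parses the proposed <seclabel> element, uses the model attribute to pick how <value> is checked, and converts a Xen-style 'ACM:mytest:A-Bank' string into the same XML. The function names, the validator table and the per-model format checks are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample using the element layout proposed in the thread.
SELINUX_XML = """<seclabel model='selinux'>
  <policy>targeted</policy>
  <value>system_u:object_r:virt_image_t:s0</value>
</seclabel>"""


def _check_selinux(value):
    # An SELinux context is user:role:type:level; the level may itself
    # contain ':' (e.g. s0:c0.c1023), so split at most three times.
    parts = value.split(":", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError("malformed SELinux context: %r" % value)


def _check_acm(value):
    # Assumption: an ACM label is a single opaque name with no ':' separator.
    if not value or ":" in value:
        raise ValueError("malformed ACM label: %r" % value)


# Hypothetical driver table: the model attribute decides how <value> is read.
VALIDATORS = {"selinux": _check_selinux, "acm": _check_acm}


def parse_seclabel(xml_text):
    """Return (model, policy, value) from a <seclabel>, or raise ValueError."""
    elem = ET.fromstring(xml_text)
    if elem.tag != "seclabel":
        raise ValueError("expected <seclabel>, got <%s>" % elem.tag)
    model = elem.get("model")
    if model not in VALIDATORS:
        raise ValueError("unknown security model: %r" % model)
    policy = (elem.findtext("policy") or "").strip()
    value = (elem.findtext("value") or "").strip()
    if not policy:
        raise ValueError("missing <policy>")
    VALIDATORS[model](value)
    return model, policy, value


def xen_label_to_xml(label):
    """Convert a Xen-style 'MODEL:policy:label' string to the proposed XML."""
    model, policy, value = label.split(":", 2)
    elem = ET.Element("seclabel", {"model": model.lower()})
    ET.SubElement(elem, "policy").text = policy
    ET.SubElement(elem, "value").text = value
    return ET.tostring(elem, encoding="unicode")
```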



