[libvirt] Re: [RFC] sVirt v0.10 - initial prototype
James Morris
jmorris at namei.org
Wed Oct 29 21:51:03 UTC 2008
On Tue, 21 Oct 2008, Daniel P. Berrange wrote:
> eg perhaps something like
>
> # virsh capabilities
> <capabilities>
>
> <host>
> <cpu>
> <arch>i686</arch>
> </cpu>
> <secpolicy model='selinux'>
> <type>targetted</type>
> <state>enforcing</state>
> </secpolicy>
> </host>
>
> .... snip rest of XML...
I don't think the endforcing state for the host will be useful, as this
can change between API calls, and it really needs to be enforced on the
host at the time of domain instantiation.
> Is there any meaningful / useful policy version information that can
> be included here ? Or policy feature bits
Possibly, although I think we should leave the configuration of DOI to the
admin, rather than trying to figure out what might be useful in advance.
In some cases, the admin may wish to use an RPM package+version string,
and others, a domain name could indicate that each system is managed
within an boundary with consistent label semantics.
- James
--
James Morris
<jmorris at namei.org>
More information about the libvir-list
mailing list