[libvirt] Updated James Morris patch to apply to libvirt-0.6.0 version

[Daniel P. Berrange]

On Fri, Feb 27, 2009 at 03:37:55PM -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Another patch off latest repository.
> 
> This patch does not require the XML to include a label, although this is
> still supported.
> 
> Implemented most of the comments from Jim.  make check and make
> syntax-check passes, Added seclabeltest.c to run in tests, Updated
> capability.rng, although not really sure I did it right.
> 
> This patch will generate random MCS Labels and relabels the image files
> to match.  Seems to work well on F11.
> 
> I will back port some policy to allow it to work on F10.
> 
> I think we need a mechanism in libvirtd.conf to turn this off.   And
> allow perhaps three modes.
> 
> svirt=Disabled.  No Security Driver.
> svirt=MLS (Requires context in xml, no relabel of disks)
> svirt=Standard, (If no XML label, then random generate one and reset
> file context).
> 
> How should I read config from libvirt.conf and and not enable he
> SecurityModel?

libvirtd.conf is for the general daemon configuration.

The QEMU driver has a separate /etc/libvirt/qemu.conf which is
read by qemudLoadDriverConfig() into struct qemud_driver. The
code for this is in src/qemu_conf.c 

The security driver is really more of a generic resource though,
that we could use in several drivers, so another alternative
is an /etc/libvirt/svirt.conf loaded the svirt driver. In any
case look at the qemudLoadDriverConfig() for example of the API
usage for config files

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|