[libvirt] Re: SELinux SVirt/Qemu problems with current qemu design.

Daniel J Walsh dwalsh at redhat.com
Wed Jan 14 21:11:19 UTC 2009



James Morris wrote:
> On Wed, 14 Jan 2009, Daniel J Walsh wrote:
> 
>> I think labeling can be done to allow the access to directories, and
>> files.  So libvirt could go in and label a file/directory in such a way
>> that the running qemu_t:s0.c10 can read or read/write the file/directory.
>>
>> Same with the ability to create save images, as long as the labeling is
>> correct.  The only problem I see here is the searching of the directory
>> path to the location of the directories.  If we want to allow users to
>> store files/directories anywhere, we end up having to allow qemu_t the
>> ability to at least search every directory on the system, and
>> potentially read them.   Having the ability to read a directory is
>> sometimes valuable, for a hacker.
> 
> I thought the virt-manager etc. tools were moving toward using 
> standardized directories and not allowing users to put VM images 
> just anywhere.
> 
This is more that the iso images used to install virt images can be anywhere.

So a user copies an iso image to his home directory and then installs the
iso using virt-manager.  Currently qemu_t would need to read user_home_t
to make this work.  If virt-manager/libvirt were to relabel the iso file
to virt_image_t then qemu_t would be able to read it, iff it could
search all of the parent directories.

Daniel has brought up the fact that additional files/directories could
be added to the image via virt-manager.  He is suggesting that
virt-manager/libvirt would label images something like virt_image_t or
virt_image_ro_t.

With Svirt, these would also need the categories added.
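As an added illustration, not part of Dan's message and using constructed labels and allow rules rather than the real policy, here is a small Python model of the decision described above: qemu_t running with category c10 can open the relabeled iso only if a type rule permits the file's type, the file's category is dominated by the process's, and every parent directory on the path is searchable.

```python
from collections import namedtuple

# A context reduced to what matters here: the type and the MCS categories.
Ctx = namedtuple("Ctx", ["type_", "cats"])  # cats: frozenset of "cNN"

# Constructed type-enforcement allow rules (process type, object type, perm);
# they stand in for the real policy and are not copied from it.
ALLOW = {
    ("qemu_t", "virt_image_t", "read"), ("qemu_t", "virt_image_t", "write"),
    ("qemu_t", "virt_image_ro_t", "read"), ("qemu_t", "root_t", "search"),
    ("qemu_t", "home_root_t", "search"), ("qemu_t", "var_t", "search"),
    ("qemu_t", "var_lib_t", "search"), ("qemu_t", "virt_var_lib_t", "search"),
    ("qemu_t", "virt_image_t", "search"),
}

def mcs_dominates(proc, obj):
    # MCS: the process must hold every category carried by the object.
    return obj.cats <= proc.cats

def can_read(proc, path, labels, allow=ALLOW):
    """Return (allowed, reason) for proc opening path read-only; labels maps
    the path and every parent directory to its Ctx."""
    parts = path.strip("/").split("/")
    # Every parent directory must be searchable: this is the step that fails
    # when a relabeled iso still sits under a user's home directory.
    for i in range(len(parts)):
        parent = "/" + "/".join(parts[:i])
        d = labels[parent]
        if (proc.type_, d.type_, "search") not in allow or not mcs_dominates(proc, d):
            return False, f"no search on {parent} ({d.type_})"
    f = labels[path]
    if (proc.type_, f.type_, "read") not in allow:
        return False, f"type {f.type_} not readable"
    if not mcs_dominates(proc, f):
        return False, f"category mismatch {sorted(f.cats)}"
    return True, "ok"

# Constructed labels: the iso is relabeled virt_image_t with category c10 as
# the message proposes, but /home/alice keeps its user_home_dir_t label.
QEMU = Ctx("qemu_t", frozenset({"c10"}))
LABELS = {
    "/": Ctx("root_t", frozenset()), "/home": Ctx("home_root_t", frozenset()),
    "/home/alice": Ctx("user_home_dir_t", frozenset()),
    "/home/alice/fedora.iso": Ctx("virt_image_t", frozenset({"c10"})),
    "/var": Ctx("var_t", frozenset()), "/var/lib": Ctx("var_lib_t", frozenset()),
    "/var/lib/libvirt": Ctx("virt_var_lib_t", frozenset()),
    "/var/lib/libvirt/images": Ctx("virt_image_t", frozenset()),
    "/var/lib/libvirt/images/a.img": Ctx("virt_image_t", frozenset({"c10"})),
    "/var/lib/libvirt/images/b.img": Ctx("virt_image_t", frozenset({"c11"})),
}
```

Adding `("qemu_t", "user_home_dir_t", "search")` to the allow set makes the home-directory iso readable, which is exactly the broad search permission the message is worried about.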

