[libvirt] Updated James Morris patch to apply to libvirt-0.6.0 version

Cole Robinson crobinso at redhat.com
Mon Mar 2 14:24:51 UTC 2009


Daniel P. Berrange wrote:
> On Mon, Mar 02, 2009 at 09:18:05AM +1100, James Morris wrote:
>> On Fri, 27 Feb 2009, Daniel J Walsh wrote:
>>
>>> I think we need a mechanism in libvirtd.conf to turn this off.   And
>>> allow perhaps three modes.
>>>
>>> svirt=Disabled.  No Security Driver.
>>> svirt=MLS (Requires context in xml, no relabel of disks)
>>> svirt=Standard, (If no XML label, then random generate one and reset
>>> file context).
>> I wouldn't call these MLS and Standard.  The simple isolation scheme with 
>> automatic labeling is just one way to do things.  Down the track, we'll 
>> want to be able to specify arbitrary types for guests, not just for MLS.
> 
> I think perhaps we should make this a QEMU driver config option (ie be
> in /etc/libvirt/qemu.conf) and have 2 flags 
> 
>   security_driver="selinux|none"
>   security_autolabel="yes|no"
> 
> If security_autolabel is set to 'no', then the app must pass an explicit
> security context in the domain XML, otherwise the domain is unconfined.
> 
> If security_autolabel is set to 'yes', then if the app passes an explicit
> security context this is used, otherwise it will auto-generate one at
> startup of the VM.
> 

Would we just use capabilities to communicate this choice? If so, would
it be in the host section, or driver specific?

Thanks,
Cole




More information about the libvir-list mailing list