[libvirt] None seclabel question
Jiri Denemark
jdenemar at redhat.com
Tue Sep 4 11:43:43 UTC 2012
On Tue, Sep 04, 2012 at 11:14:35 +0100, Daniel P. Berrange wrote:
> On Tue, Sep 04, 2012 at 12:00:33PM +0200, Jiri Denemark wrote:
>
> I don't think that description of existing behaviour is accurate. With old
> libvirt you have one <seclabel> (for SELinux/AppArmour), but secretly there
> are 2 security drivers (SELinux/AppArmour + DAC). Setting type=none for
> the seclabel only meant that the SELinux/AppArmour drivers ran the guest
> unconfined. The second (DAC) driver would still be applied to the guest
> making it run unprivileged/confined.
Isn't DAC still applied in the same way?
> What actual problem have you seen with upgrades ?
I don't see any actual problem, I'm just trying to think about them :-) Let's
say there's a domain running with <seclabel type='none'/> while libvirtd is
upgraded and reconfigured to enable more seclabels by default (a very
theoretical example could be [ "selinux", "apparmor" ]. I think neither
selinux nor apparmor labeling should be applied for that domain. Or am I
wrong?
Jirka
More information about the libvir-list
mailing list