[libvirt] images on NFS do not have MCS when selinux is on
Eric Blake
eblake at redhat.com
Mon Apr 8 20:08:19 UTC 2013
On 04/08/2013 12:45 AM, yue wrote:
> hi,all
> i now test selinux(enforcing). i assign a nfs-image to a VM, then start it.
> at the beginning i set virt_use_nfs on, its image does not has a MCS corresponding to qemu-kvm process's MCS
> then i remount nfs with -o context="system_u:object_r:virt_image_t:s0" , restart VM, its image does not has a corresponding MCS.
> #ls -lZ
> ####system_u:object_r:virt_image_t:s0 803003d2-3a2b-4581-a7cb-dc7fac06e7af
> why this happen? if this is right for NFS?
NFS doesn't support SELinux labels. Setting 'virt_use_nfs on' is your
way of telling SELinux 'I acknowledge that I can't set MCS labels on NFS
files, and that I therefore have a security risk that by turning this
on, a rogue guest could corrupt ANY file in NFS rather than just the
files assigned to the guest'.
There are plans under way to teach qemu how to pass NFS files in by file
descriptor, instead of letting qemu open() them; if these plans ever
reach completion, then the 'virt_use_nfs on' option will no longer be
necessary - it will be possible to use SELinux to prevent qemu from
directly open()ing any file that lives on NFS, and libvirt will use fd
passing to tell qemu which NFS files it may access. But that probably
still won't happen in time for the upcoming qemu 1.5 release.
Meanwhile, what you are observing is correct - it is the best we can do
with existing NFS restrictions.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130408/3ac59586/attachment-0001.sig>
More information about the libvir-list
mailing list