[libvirt] <seclabel> inside a //disk/source element
Richard W.M. Jones
rjones at redhat.com
Wed Feb 27 18:03:05 UTC 2013
On Wed, Feb 27, 2013 at 05:24:26PM +0000, Daniel P. Berrange wrote:
> On Wed, Feb 27, 2013 at 05:14:55PM +0000, Richard W.M. Jones wrote:
> >
> > According to the docs, it should be possible to do:
> >
> > <disk device="disk" type="file">
> > <source file="/path/to/some/file">
> > <seclabel relabel="no"/> <---- NB
> > </source>
> > <target dev="sda" bus="scsi"/>
> > <driver name="qemu" type="qcow2"/>
> > </disk>
> >
> > However I tried it, and it simply doesn't work. Furthermore I looked
> > at the code in domain_conf.c, and I can't see how it's even supposed
> > to work. It doesn't look to me as if <seclabel> is ever parsed in
> > that context.
> >
> > Can anyone else confirm that this is a bug or point out my error?
>
> Historically this was correct, because we only supported labels for
> one security driver. When we added support for multiple security
> drivers it seems we caused a regression.
>
> <seclabel relabel="no"/>
>
> should have been treated as equivalent to
>
> <seclabel relabel="no" model="selinux"/>
>
> but we're not doing that :-(
This works, thanks.
Unfortunately it leads to an even more intractable labelling problem,
but I'll follow up on the original BZ here:
https://bugzilla.redhat.com/show_bug.cgi?id=912499
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
More information about the libvir-list
mailing list