[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH v1 00/10] Keep original security label



On 11.09.2014 13:13, Daniel P. Berrange wrote:
On Wed, Sep 10, 2014 at 03:26:06PM +0200, Michal Privoznik wrote:
I know I've sent several versions like ages ago, so this should
not start with v1, but hey, this is completely new approach, so
I'm gonna start from 1.

Here, the virtlockd is misused to hold the original seclabels
(although only DAC label is implemented so far). Even more, it
does a reference counting, so that only the last label restore
does the job, not the previous ones.

Ah interesting approach. Do you have a pointer to your most
recent posting of the previous approach for comparison. I
remember seeing it before, but I'm being unlucky finding it
in the archives right now.

I believe this was my last approach:

http://www.redhat.com/archives/libvir-list/2014-March/msg00826.html

The idea there was to have a file to keep original labels and use virtlockd to ensure mutual exclusion of multiple daemons. But I must say stripping the file and moving it into virtlockd (approach presented in this patch set) looks better to me.

Michal


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]