[libvirt] [PATCH v1 00/10] Keep original security label

Michal Privoznik mprivozn at redhat.com
Thu Sep 11 11:21:45 UTC 2014


On 11.09.2014 13:13, Daniel P. Berrange wrote:
> On Wed, Sep 10, 2014 at 03:26:06PM +0200, Michal Privoznik wrote:
>> I know I've sent several versions like ages ago, so this should
>> not start with v1, but hey, this is a completely new approach, so
>> I'm gonna start from 1.
>>
>> Here, the virtlockd is misused to hold the original seclabels
>> (although only the DAC label is implemented so far). Even more, it
>> does reference counting, so that only the last label restore
>> does the job, not the previous ones.
>
> Ah, interesting approach. Do you have a pointer to your most
> recent posting of the previous approach for comparison? I
> remember seeing it before, but I'm being unlucky finding it
> in the archives right now.

I believe this was my last approach:

http://www.redhat.com/archives/libvir-list/2014-March/msg00826.html

The idea there was to have a file to keep original labels and use 
virtlockd to ensure mutual exclusion of multiple daemons. But I must say 
stripping the file and moving it into virtlockd (approach presented in 
this patch set) looks better to me.

Michal
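
The reference counting described in the quoted cover letter, as an added sketch that is not code from the patch set or from libvirt: the first user of a path records the original DAC owner, later users only take a reference, and only the last restore gets the owner back. All names here (`dac_label`, `label_remember`, `label_recall`) are hypothetical, and a fixed in-memory table stands in for the state that the series keeps in virtlockd.

```c
#include <string.h>
#include <sys/types.h>
/* Hypothetical names throughout; this is not the libvirt/virtlockd API. */
#define MAX_PATHS 16
struct dac_label { uid_t uid; gid_t gid; };
/* Original label remembered for one path; refs == 0 marks a free slot. */
struct entry {
    char path[256];
    struct dac_label orig;
    unsigned refs;
};
static struct entry store[MAX_PATHS];

static struct entry *lookup(const char *path)
{
    for (int i = 0; i < MAX_PATHS; i++)
        if (store[i].refs && strcmp(store[i].path, path) == 0)
            return &store[i];
    return NULL;
}

/* Before relabelling: the first user records the owner, later users only
 * take a reference. Returns the new refcount, or -1 on failure. */
int label_remember(const char *path, struct dac_label orig)
{
    struct entry *e = lookup(path);
    if (e)
        return (int)++e->refs;  /* owner seen now is not the original */
    for (int i = 0; i < MAX_PATHS && strlen(path) < sizeof(store[i].path); i++) {
        if (store[i].refs)
            continue;
        strcpy(store[i].path, path);
        store[i].orig = orig;
        return (int)(store[i].refs = 1);
    }
    return -1;                  /* path too long or store full */
}

/* On restore: returns 1 and fills *out for the last user only, 0 while
 * others still hold the path, -1 if nothing was remembered. */
int label_recall(const char *path, struct dac_label *out)
{
    struct entry *e = lookup(path);
    if (!e)
        return -1;
    if (--e->refs > 0)
        return 0;
    *out = e->orig;
    return 1;
}
```

A caller would change ownership back only when `label_recall` returns 1, so a path shared by two users keeps its working label until the second one is done with it.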



