[libvirt] [PATCH 1/4] conf: introduce seclabels in shmem device element

Daniel P. Berrange berrange at redhat.com
Thu Jul 30 10:28:18 UTC 2015


On Thu, Jul 23, 2015 at 06:13:46PM +0800, Luyao Huang wrote:
> Introduce a new element in shmem device element, this
> could help users to change the shm label to a specified
> label.
> 
> Signed-off-by: Luyao Huang <lhuang at redhat.com>
> ---
>  docs/formatdomain.html.in     |  7 ++++++
>  docs/schemas/domaincommon.rng |  3 +++
>  src/conf/domain_conf.c        | 55 ++++++++++++++++++++++++++++++++++---------
>  src/conf/domain_conf.h        |  5 ++++
>  4 files changed, 59 insertions(+), 11 deletions(-)
> 
> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> index d0c1741..e02c67c 100644
> --- a/docs/formatdomain.html.in
> +++ b/docs/formatdomain.html.in
> @@ -6098,6 +6098,13 @@ qemu-kvm -net nic,model=? /dev/null
>        vectors. The <code>ioeventd</code> attribute enables/disables (values
>        "on"/"off", respectively) ioeventfd.
>      </dd>
> +    <dt><code>seclabel</code></dt>
> +    <dd>
> +      The  optional <code>seclabel</code> to override the way that labelling
> +      is done on the shm object path or shm server path.  If this
> +      element is not present, the <a href="#seclabel">security label is inherited
> +      from the per-domain setting</a>.
> +    </dd>
>    </dl>
>  
>      <h4><a name="elementsMemory">Memory devices</a></h4>
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index 1120003..f58e8de 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -3323,6 +3323,9 @@
>              </optional>
>            </element>
>          </optional>
> +        <zeroOrMore>
> +          <ref name='devSeclabel'/>
> +        </zeroOrMore>
>          <optional>
>            <ref name="address"/>
>          </optional>

So in the <disk> XML we have an explicit element to indicate whether the
device is intended to be shared across multiple guests. <shareable/>

I think we need to have the same flag added to the shm device too, so
that we sanity check whether a particular shm was intended to be shared
or whether it is a mistake when multiple guests use it. This will also
allow us to integrate with the virtlockd to acquire exclusive locks
against the shm device to actively prevent admin mistakes starting
2 guests with the same shm. It will also let us automatically choose
the right default SELinux label ie svirt_image_t:s0:c214,c3242 for
exclusive access vs svirt_image_t:s0 for shared access


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|




More information about the libvir-list mailing list