[libvirt] RFC: Limited dynamic ownership

Martin Kletzander mkletzan at redhat.com
Tue Aug 23 21:06:20 UTC 2016


Hi everyone,

so there was an idea about limiting the relabelling of images that
libvirt does.  And I'm taking the liberty of pitching my idea of how to
approach this.  I feel like it's a pretty simple thing and there's not
much to talk about, but a) I could've missed something and b) you might
hate the way I approach it.

The idea is to extend the seclabel XML, for example:

  <seclabel type='dynamic' model='dac' relabel='whitelist'>
    <path>/var/lib/libvirt/images</path>
    <path>/data/virt-stuff</path>
  </seclabel>

Either we allow 'relabel' to be set to 'whitelist' or add a new
attribute with a name like 'mode' or something, which will control how
we relabel the files (actually relabel='no' can mean 'whitelist' and
relabel='yes' can mean blacklist without adding anything there).  After
that you can specify what paths are (dis)allowed to be labelled.

Actually thinking about it I like the following the most:

  <seclabel type='dynamic' model='dac' relabel='no'>
    <whitelist path='/data'/>
    <blacklist path='/data/private/non-virt/stuff'/>
  </seclabel>

which I believe is pretty explanatory.  Feel free to ask if it's not.
And let me know what you think.

And have a nice day!!!
Martin
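
The second XML snippet leaves open how overlapping whitelist and blacklist entries combine. The sketch below is an added example, not libvirt code and not part of the original message; it assumes that the most specific path wins, that a blacklist entry wins a tie, and that relabel='yes'/'no' is the default when nothing matches. The names relabel_rule, example_rules and may_relabel are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical rule type for the proposed <whitelist/> and <blacklist/>. */
struct relabel_rule { const char *path; bool allow; };

/* Constructed sample: the rules from the second XML snippet. */
static const struct relabel_rule example_rules[] = {
    { "/data", true },
    { "/data/private/non-virt/stuff", false },
};

/* Length of `rule` if `path` is that path or lies beneath it, else 0.
 * Compares whole components, so "/data" does not cover "/database". */
static size_t subtree_match(const char *rule, const char *path)
{
    size_t n = strlen(rule);
    while (n > 1 && rule[n - 1] == '/') n--;      /* drop trailing slashes */
    if (n == 0 || strncmp(rule, path, n) != 0) return 0;
    if (n == 1) return 1;                         /* rule "/" covers all */
    return (path[n] == '\0' || path[n] == '/') ? n : 0;
}

/* Assumed semantics: the most specific rule wins, a blacklist entry wins
 * a tie, and relabel_default (relabel='yes'/'no') applies when no rule
 * matches. */
bool may_relabel(const struct relabel_rule *rules, size_t nrules,
                 bool relabel_default, const char *path)
{
    size_t best = 0;
    bool verdict = relabel_default;
    /* Fail closed on relative paths and anything containing "/..". */
    if (path[0] != '/' || strstr(path, "/..")) return false;
    for (size_t i = 0; i < nrules; i++) {
        size_t len = subtree_match(rules[i].path, path);
        if (len > best || (len && len == best && !rules[i].allow)) {
            best = len;
            verdict = rules[i].allow;
        }
    }
    return verdict;
}

int main(void)
{
    printf("%d\n", may_relabel(example_rules, 2, false, "/data/private/non-virt/stuff/key"));
    return 0;
}
```

The check is purely lexical: a symlink under /data can still point outside it, so a caller would need to resolve the path before asking.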