[PATCH 7/7] docs: Recommend static seclabels for migration on shared storage
Peter Krempa
pkrempa at redhat.com
Tue Jan 3 13:03:44 UTC 2023
On Wed, Dec 21, 2022 at 08:43:57 +0100, Michal Privoznik wrote:
> There are some network FSs (ceph, CIFS) that propagate XATTTs
> properly and thus SELinux labels too. In such case using dynamic
> seclabels would get in the way of migration as new seclabel is
> assigned to the domain on the destination and thus two processes
> with different labels (the source and the destination QEMU/helper
> process) would try to access the same file. One of them is
> necessarily going to be denied access.
>
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
> docs/drvqemu.rst | 7 +++++++
> 1 file changed, 7 insertions(+)
Reviewed-by: Peter Krempa <pkrempa at redhat.com>
More information about the libvir-list
mailing list