[libvirt-users] Disable certain VMs from being launched
Sureshkumar Kaliannan
skaliann at gmail.com
Tue May 17 22:08:49 UTC 2016
The VMs are launched using a pre-defined domain.xml + raw disk.
All VMs (whitelisted + backlisted) ones are launched the same way
(virsh define followed by virsh start)
I want to be able to disable launching of certain VMs(blacklisted ones)
unless explicitly allowed.
What is the best way to accomplish this?
I am exploring the selinux path for this requirement. The current
implementation(understandably) isolates each guest into their own MCS
categories but by default the resources are always relabeled.
Unless, I change the libvirtd code, the auto relabelling can't be
disabled(?)
Still trying to understand the various virt selinux policies, and XML
seclabel options to accomplish this.
Are there better alternatives?
thanks
Suresh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20160517/91c40f04/attachment.htm>
More information about the libvirt-users
mailing list