[Thincrust-devel] selinux security context
Kay Williams
kwilliams at renditionsoftware.com
Thu Oct 30 22:28:45 UTC 2008
Bryan Kearney wrote:
> Alan Pevec wrote:
>> Kay Williams wrote:
>>> Would it make sense for appliance-creator to automatically set the
>>> selinux context to created images?
>>
>> I think it would make sense that virt-image sets the SELinux context
>> when installing the appliance image.
>
> Would you suggest it to set a generic type like virt_image_t or a
> specific one such as qemu_t? Both tags can remove the issue.
>
> I am still trying to read through the SELinux docs to understand the
> types and how they relate to the interfaces in the policy.
>
> -- bk
>
Found this recent journal entry from Dan Walsh (Red Hat SELinux engineer) -
http://danwalsh.livejournal.com/2008/10/22/. In it he says:
"virt_manager will setup the labeling correctly when virtual images are
installed..."
So I guess it follows that virt-image would a) handle image labeling and b) have
the same behavior as virt-manager (whatever that is).
More information about the Thincrust-devel
mailing list