[Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7)

Vivek Goyal vgoyal at redhat.com
Tue Jul 14 12:33:07 UTC 2020


On Mon, Jul 13, 2020 at 05:39:05PM -0400, Daniel Walsh wrote:

[..]
> >> Otherwise we either have to disable selinux on host (if we want to
> >> support it in guest) or somehow guest and host policies will have
> >> to know about each other and be able to work together (which will
> >> be hard for a generic use case).
> > Yes, I agree this is hard to do for a generic case but unfortunately
> > the more I understand how selinux works the less I feel that it works
> > well with a passthrough style file system.  As you said it either
> > needs to be turned off on the host or the host and guest need to work
> > together.
> 
> Correct, both kernels need to understand the labels, or one of the
> kernels has to have SELinux disabled.
> 
> That is the bottom line.  Same issue exists for labeled NFS so I don't
> see this as a problem.

Dan,

So what does labeled NFS do? Server disables SELinux so that it can
be enabled on client?

Thanks
Vivek



