On 11.09.2014 13:13, Daniel P. Berrange wrote:
> On Wed, Sep 10, 2014 at 03:26:06PM +0200, Michal Privoznik wrote:
> > I know I've sent several versions like ages ago, so this should
> > not start with v1, but hey, this is a completely new approach, so
> > I'm gonna start from 1.
> >
> > Here, the virtlockd is misused to hold the original seclabels
> > (although only the DAC label is implemented so far). Even more, it
> > does reference counting, so that only the last label restore
> > does the job, not the previous ones.
>
> Ah interesting approach. Do you have a pointer to your most
> recent posting of the previous approach for comparison? I
> remember seeing it before, but I'm being unlucky finding it
> in the archives right now.

I believe this was my last approach:
http://www.redhat.com/archives/libvir-list/2014-March/msg00826.html
The idea there was to have a file to keep original labels and use
virtlockd to ensure mutual exclusion of multiple daemons. But I must say
stripping the file and moving it into virtlockd (approach presented in
this patch set) looks better to me.
Michal