[libvirt] Re: SELinux SVirt/Qemu problems with current qemu design.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
James Morris wrote:
On Wed, 14 Jan 2009, Daniel J Walsh wrote:
> I think labeling can be done to allow the access to directories, and
> files. So libvirt could go in an label a file/directory in such a way
> that the running qemu_t:s0.c10 can read or read/write the file/directory.
>
> Same with the ability to create save images, as long as the labeling is
> correct. The only problem I see here is the searching of the directory
> path to the location of the directories. If we want to allow users to
> store files/directories anywhere, we end up having to allow qemu_t the
> ability to at least search every directory on the system, and
> potentially read them. Having the ability to read a directory is
> sometimes valuable, for a hacker.
I thought the virt-manager etc. tools were moving toward using
standardized directories and not allowing users to put VM images
just anywhere.
This is more the iso images used to install virt images can be anywhere.
So a user copies a iso image to his home directory and then installs the
iso using virt-manager. Currently qemu_t would need to read user_home_t
to make this work. If virt-manager/libvirt were to relabel the iso file
to virt_image_t then qemu_t would be able to read it, iff it could
search all of the parent directories.
Daniel, has brought up the fact that additional files/directories could
be added to the image via virt_manager, He is suggesting that
virt-manager/libvirt would label images something like virt_image_t or
virt_image_ro_t.
With Svirt, these would also need the categories added.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkluVPcACgkQrlYvE4MpobPSSACg6eaZhuA+9teDqVN7ebRQkVV2
LTUAn0vKMh9TdHDvJOuT0iIeT3krHeP/
=Q/VZ
-----END PGP SIGNATURE-----