[libvirt] [PATCH v3 0/2] Add <seclabel> to character devices.

Thursday, 20 September 2012

Previous discussion:
https://www.redhat.com/archives/libvir-list/2012-September/thread.html#01037

This adds <seclabel> to character devices' <source/> elements,
like this:

    <serial type="unix">
      <source mode="connect" path="/tmp/console.sock">
        <seclabel model="selinux" relabel="no"/>
      </source>
      <target port="0"/>
    </serial>

I tested it by controlling the labelling of the libguestfs console
socket (when unlabelled, SELinux prevents libguestfs from starting),
and it appears to work.

By the way, I could only get this to work by explicitly adding the
model="selinux" attribute.  Looking at the code, it seems the same
would be true for disk-specific seclabels too, so the documentation is
wrong.

Rich.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt] [PATCH v3 0/2] Add <seclabel> to character devices.