Hi,
I would like to propose the following patch for the libvirtd.conf file to
document sVirt and its usage. If you have suggestions to add better wording,
please let me know.
(If you reply with comments, could you please CC me as I am not on the list.)
Ciao
Stephan
---
diff --git a/cc-config/cc/libvirtd.conf b/cc-config/cc/libvirtd.conf
index 43e19d8..a9acc21 100644
--- a/cc-config/cc/libvirtd.conf
+++ b/cc-config/cc/libvirtd.conf
@@ -154,7 +154,52 @@ auth_unix_rw = "none"
# mechanism as well, by using 'sasl' for this option
#auth_tls = "none"
-
+#################################################################
+#
+# sVirt protection mechanisms
+#
+# The following options specify the separation of virtual machines
+# based on SELinux categories. As virtual machines execute with the
+# same user ID, an additional separation functionality is necessary
+# to prevent different virtual machines from interfering with each other
+# in case the simulation environment provided with QEMU is
+# successfully broken by a rogue guest.
+#
+# The sVirt protection mechanism implements two modes of operation:
+# dynamic assignment of SELinux categories
+# static assignment of SELinux labels
+#
+# A dynamic assignment of categories implies that libvirt generates
+# a unique SELinux category that the virtual machine and its resources
+# are assigned to during the instantiation of the virtual machine.
+# SELinux ensures that each virtual machine can only access resources
+# labeled with the same category as the virtual machine itself.
+#
+# A static assignment of SELinux labels imply that the administrator
+# manually configures the SELinux label of the virtual machine in
+# /etc/libvirt/qemu/<VM-DESCRIPTOR> based on the following example:
+#
+# <seclabel model='selinux' type="static">
+# <label>system_u:system_r:qemu_t:s0:c210.c502</label>
+# </seclabel>
+#
+# The <label> tag specifies a full SELinux label the virtual machine
+# will be executed with.
+#
+# In addition to the setting of the SELinux label of the virtual
+# machine, the administrator must manually set the SELinux label
+# of all resources the virtual machine accesses appropriately.
+#
+# NOTE: The dynamic assignment of categories is only intended for
+# systems with the targeted SELinux policy. Systems with the MLS
+# SELinux policy MUST use the static assignment of labels.
+# It is possible that static assignment is configured for
+# systems with the targeted policy as well.
+#
+# dynamic_ownership: 0 == static assignment of SELinux labels
+# 1 == dynamic assignment of SELinux labels
+dynamic_ownership=1
+#
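Review bot: The option documented on the last lines of the hunk, dynamic_ownership, does not line up with the text above it. Its name refers to ownership while the comment describes SELinux label assignment, and the comment says static mode is configured per VM through <seclabel ... type="static"> in the VM descriptor, so it is unclear what this global switch adds or which setting wins when dynamic_ownership=1 and a descriptor carries a static label. Please state the precedence and confirm that this key is the one that selects the sVirt mode. The NOTE says systems with the MLS policy MUST use static assignment while the patch sets dynamic_ownership=1, so the comment should say explicitly that MLS deployments have to change it to 0. Smaller points: the mode list says "dynamic assignment of SELinux categories" but the value legend says "dynamic assignment of SELinux labels", "labels imply" should read "labels implies", and the example mixes quote styles in model='selinux' type="static".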