Re: [libvirt] None seclabel question
On Tue, Sep 04, 2012 at 11:14:35 +0100, Daniel P. Berrange wrote:
On Tue, Sep 04, 2012 at 12:00:33PM +0200, Jiri Denemark wrote:
I don't think that description of existing behaviour is accurate. With old
libvirt you have one <seclabel> (for SELinux/AppArmour), but secretly there
are 2 security drivers (SELinux/AppArmour + DAC). Setting type=none for
the seclabel only meant that the SELinux/AppArmour drivers ran the guest
unconfined. The second (DAC) driver would still be applied to the guest
making it run unprivileged/confined.
Isn't DAC still applied in the same way?
What actual problem have you seen with upgrades ?
I don't see any actual problem, I'm just trying to think about them :-) Let's
say there's a domain running with <seclabel type='none'/> while libvirtd
is
upgraded and reconfigured to enable more seclabels by default (a very
theoretical example could be [ "selinux", "apparmor" ]. I think
neither
selinux nor apparmor labeling should be applied for that domain. Or am I
wrong?
Jirka