Re: [libvirt] RFC: extending sVirt to confine host apps which talk to libvirtd
On Wed, Jun 08, 2011 at 04:54:34PM +0100, Richard W.M. Jones wrote:
On Mon, Jun 06, 2011 at 03:41:23PM +0100, Daniel P. Berrange wrote:
> 13. Write policy to confine targetted applications like virt-top,
> virt-mem.
It's called 'virt-dmesg' now :-)
If I'm understand this all correctly, changes are not required to
virt-top and virt-dmesg themselves. Instead all changes are confined
to selinux-policy?
Yeah, it shouldn't need any code changes, unless the app is doing
something really crazy, which is somewhat unlikely
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|