Re: [PATCH v3 2/5] qemu: Introduce shared_filesystems configuration option
On Thu, May 09, 2024 at 05:10:50PM GMT, Peter Krempa wrote:
Now things I see as problem in case when NFS not supporting xattr is
used. This means that the remote VM can set XATTRs and must use
'virt_use_nfs' sebool.
I must be confused about the purpose of the virt_use_nfs sebool, and
I can't seem to find decent documentation about it. Do you have any
handy?
Have you actually been able to use either SELinux or (trusted)
XATTRs on an NFS-mounted filesystem? If so, how?
IMO the only proper option to do this across the XATTR boundary will
be
to have an additional step in the finalizing phase of migration that
will unref the libvirt labels. In case when the last reference is gone
it'd need to also restore the label, same as it does now. During
migration there'll need to be a period while two refs are on the libvirt
xattrs.
This sounds fairly attractive from a high-level point of view, though
I'll admit that I'm concerned about things going out of sync and
unintentionally cutting off file access to the target host as a
consequence of that.
As said I'll need to actually check what's really happening
in regards
of the selinux labels.
Please do. Hopefully you'll get further than I was able to :)
--
Andrea Bolognani / Red Hat / Virtualization