Richard W.M. Jones wrote:
On Fri, Aug 29, 2008 at 06:00:36AM +0100, Daniel P. Berrange wrote:
> Indeed - I'm not aware of any apps using it yet. It is currently only
> of marginal benefit, since you can't actually set the label, only see
> the existing (potentially wrong) label.
It always seemed to me a bit worrying that libvirtd would actually set
labels on things. James, am I wrong to be worrying about this?
Rich.
We can also control the labeles that libvitd can put on objects. So it
will not be able to put random labels on files. Only labels that it owns.
As an example udev can label all devices with device labels, but it is
not allowed to label random files as shadow_t.