
3 Jan 2023, 2:03 p.m.
On Wed, Dec 21, 2022 at 08:43:57 +0100, Michal Privoznik wrote:
There are some network FSs (ceph, CIFS) that propagate XATTRs properly and thus SELinux labels too. In such a case using dynamic seclabels would get in the way of migration as a new seclabel is assigned to the domain on the destination and thus two processes with different labels (the source and the destination QEMU/helper process) would try to access the same file. One of them is necessarily going to be denied access.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 docs/drvqemu.rst | 7 +++++++
 1 file changed, 7 insertions(+)

Reviewed-by: Peter Krempa <pkrempa@redhat.com>