Re: [libvirt] [PATCH 3/3] Add documentation for the seclabel XML element

The domain XML documentation is missing information about the <seclabel> element used by security drivers * formatdomain.html.in: Document <seclabel> --- docs/formatdomain.html.in | 76 +++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 76 insertions(+), 0 deletions(-)

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 3a64983..c1ea480 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2614,6 +2614,82 @@ qemu-kvm -net nic,model=? /dev/null </dd> </dl> + <h3><a name="seclabel">Security label</a></h3> + + <p> + The <code>seclabel</code> element allows control over the + operation of the security drivers. There are two basic + modes of operation, dynamic where libvirt automatically + generates a unique security label, or static where the + application/administrator chooses the labels. With dynamic + label generation, libvirt will always automatically + relabel any resources associated with the virtual machine. + With static label assignment, by default, the administrator + or application must ensure labels are set correctly on any + resources, however, automatic relabelling can be enabled

+ if desired + </p> + + <p> + Valid input XML configurations for the security label + are: + </p> + + <pre> + &lt;seclabel type='dynamic' model='selinux'/&gt; + + &lt;seclabel type='dynamic' model='selinux'&gt; + &lt;baselabel&gt;system_u:system_r:my_svirt_t:s0&lt;/baselabel&gt; + &lt;/seclabel&gt;

+ + &lt;seclabel type='static' model='selinux' relabel='no'&gt; + &lt;label&gt;system_u:system_r:svirt_t:s0:c392,c662&lt;/label&gt; + &lt;/seclabel&gt;