On 06/27/2011 06:20 AM, Daniel P. Berrange wrote:
The domain XML documentation is missing information about the <seclabel> element used by security drivers
* formatdomain.html.in: Document <seclabel> --- docs/formatdomain.html.in | 76 +++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 76 insertions(+), 0 deletions(-)
Oh, this covers part of my complaint in both 1/3 and 2/3. If we decide to defer those patches until post-0.9.3, then there is still a good chunk of this patch which should be applied now.
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 3a64983..c1ea480 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2614,6 +2614,82 @@ qemu-kvm -net nic,model=? /dev/null </dd> </dl>
+ <h3><a name="seclabel">Security label</a></h3> + + <p> + The <code>seclabel</code> element allows control over the + operation of the security drivers. There are two basic + modes of operation, dynamic where libvirt automatically + generates a unique security label, or static where the + application/administrator chooses the labels. With dynamic + label generation, libvirt will always automatically + relabel any resources associated with the virtual machine. + With static label assignment, by default, the administrator + or application must ensure labels are set correctly on any + resources, however, automatic relabelling can be enabled
s/relabelling/relabeling/ if we are going to favor US spellings in public-facing documentation
+ if desired + </p> + + <p> + Valid input XML configurations for the security label + are: + </p> + + <pre> + <seclabel type='dynamic' model='selinux'/> + + <seclabel type='dynamic' model='selinux'> + <baselabel>system_u:system_r:my_svirt_t:s0</baselabel> + </seclabel>
For example, up to here is useful to be applied now...
+ + <seclabel type='static' model='selinux' relabel='no'> + <label>system_u:system_r:svirt_t:s0:c392,c662</label> + </seclabel>
...while this depends on the rest of the series. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org