30 Jun
2014
30 Jun
'14
3:34 p.m.
Hi, I am studying sVirt,i have some questions about virSecuritySELinuxSetSecurityAllLabel() function (below AllLabel() instead)in src/security/security_selinux.c.
From some materials, i have understood how sVirt works. AllLabel() is responsible to label "object",in most materials, "object" represents image files, howerver, in AllLabel(),i find there are some other "object"(Hostdev,TPMFile,Chardev,Smartcard,os.kernel, os.initrd,os.dtb) to be labeled.
I have question about the scope of "object",besides labeling image files,is those other object necessary to be labeled to guarantee sVirt to achieve strong isolation.