On Mon, Mar 02, 2009 at 09:18:05AM +1100, James Morris wrote:
> On Fri, 27 Feb 2009, Daniel J Walsh wrote:
>
> > I think we need a mechanism in libvirtd.conf to turn this off. And
> > allow perhaps three modes.
> >
> > svirt=Disabled. No Security Driver.
> > svirt=MLS (Requires context in xml, no relabel of disks)
> > svirt=Standard, (If no XML label, then random generate one and reset
> > file context).
>
> I wouldn't call these MLS and Standard. The simple isolation scheme with
> automatic labeling is just one way to do things. Down the track, we'll
> want to be able to specify arbitrary types for guests, not just for MLS.

I think perhaps we should make this a QEMU driver config option (ie be
in /etc/libvirt/qemu.conf) and have 2 flags

    security_driver="selinux|none"
    security_autolabel="yes|no"

If security_autolabel is set to 'no', then the app must pass an explicit
security context in the domain XML, otherwise the domain is unconfined.

If security_autolabel is set to 'yes', then if the app passes an explicit
security context this is used, otherwise it will auto-generate one at
startup of the VM.

Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
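
The two-flag rules proposed in the message above, modelled as an added example that is not part of the original mail or libvirt's code; it lists which guests would start unconfined. Assumptions: a missing key means `none`/`no`, `security_driver="none"` ignores any XML label, the explicit context sits in a `<seclabel><label>` element, and the auto-generated label is an `svirt_t` context with a random MCS category pair.

```python
import random
import xml.etree.ElementTree as ET

def parse_conf(text):
    """Parse key="value" lines in the style of /etc/libvirt/qemu.conf."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf

def explicit_label(domain_xml):
    """Return the context in <seclabel><label>, or None when absent/empty."""
    node = ET.fromstring(domain_xml).find("./seclabel/label")
    text = (node.text or "").strip() if node is not None else ""
    return text or None

def resolve(conf, domain_xml, rng=random):
    """Apply the proposed rules; returns (outcome, context)."""
    if conf.get("security_driver", "none") != "selinux":   # assumed default
        return ("unconfined", None)
    label = explicit_label(domain_xml)
    if label:                          # an explicit context wins in both modes
        return ("explicit", label)
    if conf.get("security_autolabel", "no") == "yes":      # assumed default
        c1, c2 = sorted(rng.sample(range(1024), 2))        # assumed label shape
        return ("auto", f"system_u:system_r:svirt_t:s0:c{c1},c{c2}")
    return ("unconfined", None)        # autolabel=no and no label: fails open

def unconfined_guests(conf, domains):
    """Names of guests that would start without confinement."""
    return [ET.fromstring(x).findtext("name") for x in domains
            if resolve(conf, x)[0] == "unconfined"]

# Constructed sample input
CONF_NO = 'security_driver="selinux"\nsecurity_autolabel="no"  # app must label\n'
CONF_YES = 'security_driver="selinux"\nsecurity_autolabel="yes"\n'
DOM_LABELLED = ("<domain type='kvm'><name>web1</name><seclabel model='selinux'>"
                "<label>system_u:system_r:svirt_t:s0:c10,c20</label>"
                "</seclabel></domain>")
DOM_BARE = "<domain type='kvm'><name>db1</name></domain>"

if __name__ == "__main__":
    for name, text in (("autolabel=no", CONF_NO), ("autolabel=yes", CONF_YES)):
        print(name, unconfined_guests(parse_conf(text), [DOM_LABELLED, DOM_BARE]))
```
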