On Wed, Jan 23, 2013 at 06:26:49PM -0700, Eric Blake wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=718377 complains that there were some SELinux AVCs when using vnc console over Kerberos. The root problem was that Kerberos tries to set up a cache file, and if we don't tell it where, then all domains use the same cache file, which violates sVirt protections. Setting the environment variable unconditionally should be safe, even for setups where Kerboros won't actually create a cache file.
Rare chance for me to point out a typo to Eric instead of the other way around:-P s/Kerboros/Kerberos/ Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|