On Tue, Sep 04, 2012 at 11:14:35 +0100, Daniel P. Berrange wrote:
On Tue, Sep 04, 2012 at 12:00:33PM +0200, Jiri Denemark wrote:
I don't think that description of existing behaviour is accurate. With old libvirt you have one <seclabel> (for SELinux/AppArmour), but secretly there are 2 security drivers (SELinux/AppArmour + DAC). Setting type=none for the seclabel only meant that the SELinux/AppArmour drivers ran the guest unconfined. The second (DAC) driver would still be applied to the guest making it run unprivileged/confined.
Isn't DAC still applied in the same way?
What actual problem have you seen with upgrades ?
I don't see any actual problem, I'm just trying to think about them :-) Let's say there's a domain running with <seclabel type='none'/> while libvirtd is upgraded and reconfigured to enable more seclabels by default (a very theoretical example could be [ "selinux", "apparmor" ]. I think neither selinux nor apparmor labeling should be applied for that domain. Or am I wrong? Jirka