On Wed, Mar 09, 2011 at 07:18:32PM -0700, Eric Blake wrote:
SELinux labeling and cgroup ACLs aren't required if we hand a
pre-opened fd to qemu. All the more reason to love fd: migration.
I know that holds true for cgroups which checks on open() only,
but are you absolutely sure about for SELinux? SELinux checks
FDs on every single syscall. I'm really fuzzy about what happens
to an FD's associated security context when you pass it over
an UNIX socket using SCM_RIGHTS. I think it might 'just work'
as we already do this with TAP devices and don't label them,
but it could be we have a generic policy rule related to TAP
devices.
If it passed testing with SELinux in enforcing mode, then ACK
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|