Hi, I am studying sVirt,i have some questions about virSecuritySELinuxSetSecurityAllLabel() function (below AllLabel() instead)in src/security/security_selinux.c.

From some materials, i have understood how sVirt works. AllLabel() is responsible to label "object",in most materials, "object" represents image files, howerver, in AllLabel(),i find there are some other "object"(Hostdev,TPMFile,Chardev,Smartcard,os.kernel, os.initrd,os.dtb) to be labeled.

I have question about the scope of "object",besides labeling image files,is those other object necessary to be labeled to guarantee sVirt to achieve strong isolation.