Re: [libvirt-users] Stop the relabeling of CD images
----- Original Message -----
From: Eric Blake <eblake(a)redhat.com>
To: Cristian Ciupitu <cristian.ciupitu(a)yahoo.com>
Cc: libvirt-users <libvirt-users(a)redhat.com>
Sent: Monday, August 19, 2013 11:24 PM
Subject: Re: [libvirt-users] Stop the relabeling of CD images
So maybe this would do it:
<source file=...>
<seclabel model='selinux' relabel='no'/>
<seclabel model='dac' relabel='no'/>
</source>
I've just tried it and the SELinux label is not changed anymore, but the
ownership is still changed to qemu:qemu.
I'm also not sure why you think to resort to chattr +i, but if
using
that causes libvirt heartburn, maybe we have a bug to fix to be more
tolerant of failed label attempts due to chattr.
I resorted to `chattr +i` because I got tired of libvirtd messing with
my files even if it wasn't required. The official versions of libvirtd
from Fedora 18 or 19 used to complain about not being able to change the
files, but the current bleeding edge version hasn't complained (with the
XML config from above).
To sum it up, SELinux - solved, DAC - not (yet).
Thank you,
Cristian Ciupitu