The VMs are launched using a pre-defined domain.xml + raw disk.
All VMs (whitelisted + blacklisted ones) are launched the same way
(virsh define followed by virsh start)
I want to be able to disable launching of certain VMs (blacklisted ones)
unless explicitly allowed.
What is the best way to accomplish this?
I am exploring the SELinux path for this requirement. The current
implementation (understandably) isolates each guest into its own MCS
categories, but by default the resources are always relabeled.
Unless I change the libvirtd code, the auto relabelling can't be
disabled (?)
Still trying to understand the various virt SELinux policies and XML
seclabel options to accomplish this.
Are there better alternatives?
thanks
Suresh