[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Re: XML representation of security labels

From: Daniel J Walsh <dwalsh redhat com>
To: "Richard W.M. Jones" <rjones redhat com>
Cc: libvir-list redhat com, Stephen Smalley <sds tycho nsa gov>
Subject: Re: [libvirt] Re: XML representation of security labels
Date: Fri, 29 Aug 2008 09:21:13 -0400

Richard W.M. Jones wrote:
> On Fri, Aug 29, 2008 at 06:00:36AM +0100, Daniel P. Berrange wrote:
>> Indeed - I'm not aware of any apps using it yet. It is currently only
>> of marginal benefit, since you can't actually set the label, only see
>> the existing (potentially wrong) label.
> 
> It always seemed to me a bit worrying that libvirtd would actually set
> labels on things.  James, am I wrong to be worrying about this?
> 
> Rich.
> 
We can also control the labeles that libvitd can put on objects.   So it
will not be able to put random labels on files. Only labels that it owns.


As an example udev can label all devices with device labels, but it is
not allowed to label random files as shadow_t.

References:
- [libvirt] XML representation of security labels
  - From: James Morris
- [libvirt] Re: XML representation of security labels
  - From: Daniel P. Berrange
- Re: [libvirt] Re: XML representation of security labels
  - From: Richard W.M. Jones

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]