
[libvirt] Re: XML representation of security labels



James Morris wrote:
On Fri, 29 Aug 2008, Daniel Veillard wrote:

2. The XML format for security labels needs to be extended to indicate which security model is in use, and potentially carry model-specific metadata. For SELinux, we may want to know what type of policy is active, and later, be able to interpret labels generated on other systems.
  I guess so far we didn't look at the interpretation of security
context in the case of migration to a different system. The problem
is that except for the base UNIX information, they are likely to be
lost. Still I would expect that storage will have to be shared for
such migration, so in the end the case of migration of security context
values looks like quite improbable, but maybe I don't see some of the
use cases (heterogeneous server pools ?)

In the simplest case, we'll just be wanting to ensure that domains are running with distinct labels for separation purposes, so that concept may be possible to convey during migration.

As for specific labels (e.g. "privileged", "company-confidential" etc.), this is a general problem to be solved for distributed MAC security, and we would not expect to solve it here in the first iteration. There's a term used in this area called Domain of Interpretation (DOI), which is essentially label metadata used to interpret/translate labels between systems. It's something that can be added to the XML if/when needed, but we don't need it now.

The Labeled NFS and labeled networking projects are addressing similar issues, and it's possible that one or both would be involved in distributing sVirt across the network.


   <seclabel model='selinux'>
      <policy>targeted</policy>
      <value>system_u:object_r:virt_image_t:s0</value>
   </seclabel>
  that looks more homogeneous. I don't know how that would map to
other security models, examples would be great

I've cc'd Casey, who wrote Smack. I'm not sure what the application of Smack would be here (and Casey may not like the idea at all), but it is a label-based MAC system.


<seclabel model='Smack'>
  <value>_</value>
</seclabel>

Seems like a lot of mechanism to pass a string, but this is the 21st century.

(The thread starts here:
https://www.redhat.com/archives/libvir-list/2008-August/msg00740.html)


- James
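
An added example, not part of the original thread or of libvirt's code: a reader for the <seclabel> layout proposed above that dispatches on the model attribute and reports domains that share a label, which is the separation property the thread says is the simplest thing to check. The <domains>/<domain name=...> wrapper, the MCS categories in the sample and the function names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample. <seclabel> follows the thread's proposal; the wrapper is assumed.
SAMPLE = """
<domains>
  <domain name='guest1'>
    <seclabel model='selinux'>
      <policy>targeted</policy>
      <value>system_u:object_r:virt_image_t:s0:c1,c2</value>
    </seclabel>
  </domain>
  <domain name='guest2'>
    <seclabel model='selinux'>
      <policy>targeted</policy>
      <value>system_u:object_r:virt_image_t:s0:c1,c2</value>
    </seclabel>
  </domain>
  <domain name='guest3'>
    <seclabel model='Smack'><value>_</value></seclabel>
  </domain>
</domains>
"""

def parse_seclabel(elem):
    """Return (model, policy, value, fields) for one <seclabel> element."""
    model = (elem.get("model") or "").strip().lower()
    value = (elem.findtext("value") or "").strip()
    if not model or not value:
        raise ValueError("seclabel needs a model attribute and a <value>")
    if model == "selinux":
        # user:role:type[:level]; the level can itself contain ':' (s0:c1,c2),
        # so split at most three times.
        parts = value.split(":", 3)
        if len(parts) < 3 or not all(parts):
            raise ValueError("malformed SELinux context: %r" % value)
        fields = dict(zip(("user", "role", "type", "level"), parts))
    else:
        fields = {"label": value}  # other models: keep the label opaque
    return model, elem.findtext("policy"), value, fields

def shared_labels(xml_text):
    """Map (model, value) -> domain names for labels used by more than one domain."""
    seen = {}
    for dom in ET.fromstring(xml_text).iter("domain"):
        seclabel = dom.find("seclabel")
        if seclabel is not None:
            model, _, value, _ = parse_seclabel(seclabel)
            seen.setdefault((model, value), []).append(dom.get("name"))
    return {key: names for key, names in seen.items() if len(names) > 1}
```

shared_labels(SAMPLE) reports guest1 and guest2, which carry the same SELinux context; the Smack label is compared only as an opaque string.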

