Re: [libvirt] Updated James Morris patch to apply to libvirt-0.6.0 version

["Daniel P. Berrange" <berrange redhat com>]

On Mon, Mar 02, 2009 at 09:18:05AM +1100, James Morris wrote:
> On Fri, 27 Feb 2009, Daniel J Walsh wrote:
> 
> > I think we need a mechanism in libvirtd.conf to turn this off.   And
> > allow perhaps three modes.
> > 
> > svirt=Disabled.  No Security Driver.
> > svirt=MLS (Requires context in xml, no relabel of disks)
> > svirt=Standard, (If no XML label, then random generate one and reset
> > file context).
> 
> I wouldn't call these MLS and Standard.  The simple isolation scheme with 
> automatic labeling is just one way to do things.  Down the track, we'll 
> want to be able to specify arbitrary types for guests, not just for MLS.

I think perhaps we should make this a QEMU driver config option (ie be
in /etc/libvirt/qemu.conf) and have 2 flags 

  security_driver="selinux|none"
  security_autolabel="yes|no"

If security_autolabel is set to 'no', then the app must pass an explicit
security context in the domain XML, otherwise the domain is unconfined.

If security_autolabel is set to 'yes', then if the app passes an explicit
security context this is used, otherwise it will auto-generate one at
startup of the VM.

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|