[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libguestfs] NOTE: In libguestfs 1.19.41, the libvirt backend will have sVirt enabled by default



[If you're using the upstream libguestfs with default settings, then
this does NOT affect you.  libvirt isn't required by libguestfs.]

>From libguestfs 1.19.41, if you have selected the alternate libvirt
method to launch the appliance, ie, if you have done:

  ./configure --with-default-attach-method=libvirt

then sVirt is enabled by default.

This is for enhanced security: if a malicious disk image manages to
corrupt the appliance *and* take over qemu, then SELinux provides
additional confinement of the qemu process, ensuring it cannot read or
write arbitrary files or other resources in the host.  From Fedora 18,
this will be the default.

However sVirt won't work currently unless you patch libvirt and add
some SELinux policy.  The details are in these two bugs:

  https://bugzilla.redhat.com/show_bug.cgi?id=853393
  https://bugzilla.redhat.com/show_bug.cgi?id=857453

I hope to get these fixes upstream soon.

Furthermore if you want to run 'make check' with libvirt + sVirt +
SELinux=Enforcing, then you'll need to label the 'tmp' directory in
the libguestfs sources:

  cd /path/to/libguestfs
  chcon --reference=/tmp tmp

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]