
Re: [Libguestfs] [PATCH 3/7] add_drive: Add selinuxnorelabel optional boolean.



On Thu, Feb 28, 2013 at 02:00:50PM +0000, Matthew Booth wrote:
> On Thu, 2013-02-28 at 10:57 +0000, Richard W.M. Jones wrote:
> > From: "Richard W.M. Jones" <rjones redhat com>
> > 
> > If set, this causes <seclabel model=selinux relabel=no> to be added to
> > the disk element in the libvirt XML.
> > 
> > It has no effect *except* on the libvirt attach method when SELinux
> > and sVirt are being used.
> > ---
> >  generator/actions.ml   |  8 +++++++-
> >  src/guestfs-internal.h |  1 +
> >  src/launch-libvirt.c   | 20 ++++++++++++++++++++
> >  src/launch.c           | 21 ++++++++++++++-------
> >  4 files changed, 42 insertions(+), 8 deletions(-)
> 
> Is there any instance where we would *not* want to do this? Off the top
> of my head, I can't think of a good reason for libguestfs to be in the
> business of relabelling drives. Can we not just hard-code this off?
> 
> If, on the other hand, there is a good reason to make this option, I
> think it should be explained in the docs below.

It's a tricky situation, but if libguestfs's appliance is confined by
sVirt, and if we're accessing an ordinary, non-shared disk, then you
have to have libvirt label the disk, otherwise qemu won't be able to open it.

The situation here is different: we want to confine libguestfs's
appliance with sVirt, and access a shared disk which already has some
other label, so we label the appliance to conform to the disk.  The
reason we don't want libvirt to label the disk is really a bug in
libvirt: when the libvirt connection is closed, it resets the label
*not* to what it was before, but to some other label.  We want to tell
libvirt to leave it alone and not do this.  So you can argue that the
need for this flag is to work around a bug in libvirt.

Another way to do this would be not to use svirt_t at all, but to have
some other process label (sguestfs_t) which has fewer restrictions
than svirt_t.  The trick would be to make the confinement meaningful,
since the whole point of using sVirt with libguestfs is to confine the
appliance against the threat of rogue disk images.  Also I guess this
would need deep changes to libvirt.

[Adding Dan & Dan]

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
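
The per-disk override discussed in this thread, as an added example that is not part of the original message or of the libguestfs patch: a small audit that reads libvirt domain XML and reports which disk sources libvirt would relabel and which carry `<seclabel model='selinux' relabel='no'/>`. The domain XML, the file paths and the function name `disk_relabel_report` are constructed for illustration, and the logic is a simplified reading of libvirt's rules (domain default, then per-source override).

```python
import xml.etree.ElementTree as ET

# Constructed domain XML: one private disk that libvirt labels for the
# guest, and one shared disk carrying the per-device override.
DOMAIN_XML = """
<domain type='kvm'>
  <name>guestfs-example</name>
  <seclabel type='dynamic' model='selinux' relabel='yes'/>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/tmp/private.img'/>
      <target dev='sda' bus='scsi'/>
    </disk>
    <disk type='file' device='disk'>
      <source file='/var/tmp/shared.img'>
        <seclabel model='selinux' relabel='no'/>
      </source>
      <target dev='sdb' bus='scsi'/>
    </disk>
  </devices>
</domain>
"""

def disk_relabel_report(domain_xml, model="selinux"):
    """Return {source path: True if libvirt will relabel it, else False}."""
    root = ET.fromstring(domain_xml)
    default = True  # no domain <seclabel>: assume dynamic labelling
    for sl in root.findall("seclabel"):
        if sl.get("model", model) == model:
            # Static labels default to relabel='no', dynamic ones to 'yes'.
            fallback = "no" if sl.get("type") == "static" else "yes"
            default = sl.get("relabel", fallback) == "yes"
    report = {}
    for src in root.findall("./devices/disk/source"):
        path = src.get("file") or src.get("dev")
        relabel = default
        # A per-source <seclabel> overrides the domain default for this disk.
        for sl in src.findall("seclabel"):
            if sl.get("model", model) == model:
                relabel = sl.get("relabel", "yes") == "yes"
        report[path] = relabel
    return report

if __name__ == "__main__":
    for path, relabel in disk_relabel_report(DOMAIN_XML).items():
        state = "relabelled by libvirt" if relabel else "label left alone"
        print(f"{path}: {state}")
```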
