[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] Re: SELinux SVirt/Qemu problems with current qemu design.

On Wed, 14 Jan 2009, Daniel J Walsh wrote:

> I think labeling can be done to allow the access to directories, and
> files.  So libvirt could go in an label a file/directory in such a way
> that the running qemu_t:s0.c10 can read or read/write the file/directory.
> Same with the ability to create save images, as long as the labeling is
> correct.  The only problem I see here is the searching of the directory
> path to the location of the directories.  If we want to allow users to
> store files/directories anywhere, we end up having to allow qemu_t the
> ability to at least search every directory on the system, and
> potentially read them.   Having the ability to read a directory is
> sometimes valuable, for a hacker.

I thought the virt-manager etc. tools were moving toward using 
standardized directories and not allowing users to put VM images 
just anywhere.

James Morris
<jmorris namei org>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]