[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] dynamic_ownership documentation



On Fri, Mar 04, 2011 at 04:53:20PM +0100, Stephan Mueller wrote:
> Hi,
> 
> I would like to propose the following patch for the libvirtd.conf file to 
> document sVirt and its usage. If you have suggestions to add better wording, 
> please let me know.
> 
> (If you reply with comments, could you please CC me as I am not on the list.)
>  
> -
> +#################################################################
> +#
> +# sVirt protection mechanisms
> +#
> +# The following options specify the separation of virtual machines
> +# based on SELinux categories. As virtual machines execute with the
> +# same user ID, an additional separation functionality is necessary
> +# to prevent different virtual machines from interfering with each other
> +# in case the simulation environment provided with QEMU is
> +# successfully broken by a rogue guest.
> +#
> +# The sVirt protection mechanism implements two modes of operation:
> +#     dynamic assignment of SELinux categories
> +#     static assignment of SELinux labels
> +#
> +# A dynamic assignment of categories implies that libvirt generates
> +# a unique SELinux category that the virtual machine and its resources
> +# are assigned to during the instantiation of the virtual machine.
> +# SELinux ensures that each virtual machine can only access resources
> +# labeled with the same category as the virtual machine itself.
> +#
> +# A static assignment of SELinux labels imply that the administrator
> +# manually configures the SELinux label of the virtual machine in
> +# /etc/libvirt/qemu/<VM-DESCRIPTOR> based on the following example:
> +#
> +#  <seclabel model='selinux' type="static">
> +#    <label>system_u:system_r:qemu_t:s0:c210.c502</label>
> +#  </seclabel>
> +#
> +# The <label> tag specifies a full SELinux label the virtual machine
> +# will be executed with.
> +#
> +# In addition to the setting of the SELinux label of the virtual
> +# machine, the administrator must manually set the SELinux label
> +# of all resources the virtual machine accesses appropriately.
> +#
> +# NOTE: The dynamic assignment of categories is only intended for
> +#       systems with the targeted SELinux policy. Systems with the MLS
> +#       SELinux policy MUST use the static assignment of labels.
> +#       It is possible that static assignment is configured for
> +#       systems with the targeted policy as well.
> +#
> +# dynamic_ownership: 0 == static assignment of SELinux labels
> +#                    1 == dynamic assignment of SELinux labels
> +dynamic_ownership=1
> +#

This is not what the dynamic_ownership parameter does - it actually
has nothing todo with SELinux / sVirt.  This determines whether
libvirt will set the user/group DAC ownership on the disk images
to match the uid/gid the QEMU process runs under.

Whether libvirt uses static or dynamic SELinux labels is entirely
controlled by the guest XML config. This is explained a little bit
in this webpage:

   http://libvirt.org/drvqemu.html#securitysvirt

though you might wish to improve the wording a little more (the web
pages are stored in the docs/ directory of GIT.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]