[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH v3 0/2] Add <seclabel> to character devices.



Previous discussion:
https://www.redhat.com/archives/libvir-list/2012-September/thread.html#01037

This adds <seclabel> to character devices' <source/> elements,
like this:

    <serial type="unix">
      <source mode="connect" path="/tmp/console.sock">
        <seclabel model="selinux" relabel="no"/>
      </source>
      <target port="0"/>
    </serial>

I tested it by controlling the labelling of the libguestfs console
socket (when unlabelled, SELinux prevents libguestfs from starting),
and it appears to work.

By the way, I could only get this to work by explicitly adding the
model="selinux" attribute.  Looking at the code, it seems the same
would be true for disk-specific seclabels too, so the documentation is
wrong.

Rich.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]