[libvirt] [PATCH v3 0/2] Add <seclabel> to character devices.

Richard W.M. Jones rjones at redhat.com
Thu Sep 20 15:29:57 UTC 2012


Previous discussion:
https://www.redhat.com/archives/libvir-list/2012-September/thread.html#01037

This adds <seclabel> to character devices' <source/> elements,
like this:

    <serial type="unix">
      <source mode="connect" path="/tmp/console.sock">
        <seclabel model="selinux" relabel="no"/>
      </source>
      <target port="0"/>
    </serial>

I tested it by controlling the labelling of the libguestfs console
socket (when unlabelled, SELinux prevents libguestfs from starting),
and it appears to work.

By the way, I could only get this to work by explicitly adding the
model="selinux" attribute.  Looking at the code, it seems the same
would be true for disk-specific seclabels too, so the documentation is
wrong.

Rich.
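
Added example, not part of the original message or of the libvirt patch series: a small Python audit that lists every <seclabel> nested in a device <source/> of a domain XML and flags those with no explicit model attribute, the case the message above reports as not working. The sample XML is constructed (only the first <serial> element mirrors the snippet in the message), and the function name audit_source_seclabels is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML. Only the first <serial> element mirrors the
# snippet in the message; the other devices and all paths are made up.
SAMPLE_DOMAIN_XML = """
<domain type="kvm">
  <name>constructed-guest</name>
  <devices>
    <serial type="unix">
      <source mode="connect" path="/tmp/console.sock">
        <seclabel model="selinux" relabel="no"/>
      </source>
      <target port="0"/>
    </serial>
    <console type="unix">
      <source mode="connect" path="/tmp/other.sock">
        <seclabel relabel="no"/>
      </source>
    </console>
    <disk type="file" device="disk">
      <source file="/var/lib/libvirt/images/constructed.img">
        <seclabel relabel="no"/>
      </source>
      <target dev="vda"/>
    </disk>
  </devices>
</domain>
"""

def audit_source_seclabels(domain_xml):
    """Return one dict per <seclabel> found under a device's <source>."""
    root = ET.fromstring(domain_xml)
    findings = []
    for device in root.findall("./devices/*"):
        for source in device.findall("source"):
            for label in source.findall("seclabel"):
                findings.append({
                    "device": device.tag,
                    "path": source.get("path") or source.get("file") or source.get("dev"),
                    "model": label.get("model"),
                    "relabel": label.get("relabel"),
                    # The message reports the override only took effect with model="selinux".
                    "missing_model": label.get("model") is None,
                })
    return findings

if __name__ == "__main__":
    for f in audit_source_seclabels(SAMPLE_DOMAIN_XML):
        status = "NO MODEL" if f["missing_model"] else "ok"
        print(f'{status:8} <{f["device"]}> {f["path"]} model={f["model"]} relabel={f["relabel"]}')
```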