[libvirt-users] Stop the relabeling of CD images

Cristian Ciupitu cristian.ciupitu at yahoo.com
Tue Aug 20 02:19:59 UTC 2013


----- Original Message -----
> From: Eric Blake <eblake at redhat.com>
> To: Cristian Ciupitu <cristian.ciupitu at yahoo.com>
> Cc: libvirt-users <libvirt-users at redhat.com>
> Sent: Monday, August 19, 2013 11:24 PM
> Subject: Re: [libvirt-users] Stop the relabeling of CD images

> So maybe this would do it:
>
> <source file=...>
>   <seclabel model='selinux' relabel='no'/>
>   <seclabel model='dac' relabel='no'/>
> </source>

I've just tried it and the SELinux label is not changed anymore, but the
ownership is still changed to qemu:qemu.

> I'm also not sure why you think to resort to chattr +i, but if using
> that causes libvirt heartburn, maybe we have a bug to fix to be more
> tolerant of failed label attempts due to chattr.

I resorted to `chattr +i` because I got tired of libvirtd messing with
my files even if it wasn't required.  The official versions of libvirtd
from Fedora 18 or 19 used to complain about not being able to change the
files, but the current bleeding edge version hasn't complained (with the
XML config from above).

To sum it up, SELinux - solved, DAC - not (yet).

Thank you,
Cristian Ciupitu





More information about the libvirt-users mailing list