Re: [libvirt] Re: XML representation of security labels

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Richard W.M. Jones wrote:
> On Fri, Aug 29, 2008 at 06:00:36AM +0100, Daniel P. Berrange wrote:
>> Indeed - I'm not aware of any apps using it yet. It is currently only
>> of marginal benefit, since you can't actually set the label, only see
>> the existing (potentially wrong) label.
> 
> It always seemed to me a bit worrying that libvirtd would actually set
> labels on things.  James, am I wrong to be worrying about this?
> 
> Rich.
> 
We can also control the labeles that libvitd can put on objects.   So it
will not be able to put random labels on files. Only labels that it owns.


As an example udev can label all devices with device labels, but it is
not allowed to label random files as shadow_t.

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]