On Thursday, August 21, 2014 10:48:05 AM Daniel J Walsh wrote: > I think we should setup a meeting to discuss this and figure out our option. Sorry I'm slow to the party, I'm at LSS/LinuxCon this week and the network has been fairly spotty. > We need a mechanism for libvirt to send the labels of the process and > images to the remote server and then we need an enforcement mechanism to > only allow the process label to interact with the file image. SELinux could > do this if each vm has a separate process running on the server interacting > with the image. Otherwise the server needs to do some kind of enforcement > on its own. > > We could use some form of labeled networking for transmitting the MCS > Label of qemu to the server or we would need to extend the protocol to > send the label down. > > There is two ways to handle labeled networking.The most common labeling > standard,CIPSO, only sends the MCS portion of the label. The second > form can send the entire label of the process, but it is seldom used and > requires Labeled IPSEC. As one would expect, neither CIPSO or labeled IPsec are prefect, but they are really our only options for conveying labels across a network - unless we want to augment/extend RBD, which I know almost nothing about (a quick search makes me think this is Ceph's remote storage protocol). Daniel (Mr. Libvirt, not Mr. SELinux), can you provide a quick overview of RBD, with bonus points for information on who controls the protocol (Inktank/RH or IETF) and if it offers any sort of extensibility (in other words, is there any hope for us to add label information to the protocol). -- paul moore security and virtualization @ redhat -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list