On Wed, 14 Jan 2009, Daniel J Walsh wrote: > I think labeling can be done to allow the access to directories, and > files. So libvirt could go in an label a file/directory in such a way > that the running qemu_t:s0.c10 can read or read/write the file/directory. > > Same with the ability to create save images, as long as the labeling is > correct. The only problem I see here is the searching of the directory > path to the location of the directories. If we want to allow users to > store files/directories anywhere, we end up having to allow qemu_t the > ability to at least search every directory on the system, and > potentially read them. Having the ability to read a directory is > sometimes valuable, for a hacker. I thought the virt-manager etc. tools were moving toward using standardized directories and not allowing users to put VM images just anywhere. -- James Morris <jmorris@xxxxxxxxx> -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list