On Fri, Feb 27, 2009 at 03:37:55PM -0500, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Another patch off latest repository. > > This patch does not require the XML to include a label, although this is > still supported. > > Implemented most of the comments from Jim. make check and make > syntax-check passes, Added seclabeltest.c to run in tests, Updated > capability.rng, although not really sure I did it right. > > This patch will generate random MCS Labels and relabels the image files > to match. Seems to work well on F11. > > I will back port some policy to allow it to work on F10. > > I think we need a mechanism in libvirtd.conf to turn this off. And > allow perhaps three modes. > > svirt=Disabled. No Security Driver. > svirt=MLS (Requires context in xml, no relabel of disks) > svirt=Standard, (If no XML label, then random generate one and reset > file context). > > How should I read config from libvirt.conf and and not enable he > SecurityModel? libvirtd.conf is for the general daemon configuration. The QEMU driver has a separate /etc/libvirt/qemu.conf which is read by qemudLoadDriverConfig() into struct qemud_driver. The code for this is in src/qemu_conf.c The security driver is really more of a generic resource though, that we could use in several drivers, so another alternative is an /etc/libvirt/svirt.conf loaded the svirt driver. In any case look at the qemudLoadDriverConfig() for example of the API usage for config files Regards, Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list