On Mon, Mar 02, 2009 at 09:18:05AM +1100, James Morris wrote: > On Fri, 27 Feb 2009, Daniel J Walsh wrote: > > > I think we need a mechanism in libvirtd.conf to turn this off. And > > allow perhaps three modes. > > > > svirt=Disabled. No Security Driver. > > svirt=MLS (Requires context in xml, no relabel of disks) > > svirt=Standard, (If no XML label, then random generate one and reset > > file context). > > I wouldn't call these MLS and Standard. The simple isolation scheme with > automatic labeling is just one way to do things. Down the track, we'll > want to be able to specify arbitrary types for guests, not just for MLS. I think perhaps we should make this a QEMU driver config option (ie be in /etc/libvirt/qemu.conf) and have 2 flags security_driver="selinux|none" security_autolabel="yes|no" If security_autolabel is set to 'no', then the app must pass an explicit security context in the domain XML, otherwise the domain is unconfined. If security_autolabel is set to 'yes', then if the app passes an explicit security context this is used, otherwise it will auto-generate one at startup of the VM. Regards, Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list