Daniel P. Berrange wrote: > On Mon, Mar 02, 2009 at 09:18:05AM +1100, James Morris wrote: >> On Fri, 27 Feb 2009, Daniel J Walsh wrote: >> >>> I think we need a mechanism in libvirtd.conf to turn this off. And >>> allow perhaps three modes. >>> >>> svirt=Disabled. No Security Driver. >>> svirt=MLS (Requires context in xml, no relabel of disks) >>> svirt=Standard, (If no XML label, then random generate one and reset >>> file context). >> I wouldn't call these MLS and Standard. The simple isolation scheme with >> automatic labeling is just one way to do things. Down the track, we'll >> want to be able to specify arbitrary types for guests, not just for MLS. > > I think perhaps we should make this a QEMU driver config option (ie be > in /etc/libvirt/qemu.conf) and have 2 flags > > security_driver="selinux|none" > security_autolabel="yes|no" > > If security_autolabel is set to 'no', then the app must pass an explicit > security context in the domain XML, otherwise the domain is unconfined. > > If security_autolabel is set to 'yes', then if the app passes an explicit > security context this is used, otherwise it will auto-generate one at > startup of the VM. > Would we just use capabilities to communicate this choice? If so, would it be in the host section, or driver specific? Thanks, Cole -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list