On Wed, Jan 12, 2011 at 12:22:56PM -0500, Cole Robinson wrote:
> Enabling a security driver in qemu.conf is currently all or nothing.
> The option to disable security on a per VM basis can be a useful debugging
> tool or work around for frustrated users.
>
> Patches 1-3 and 5-6 are prep and cleanup work. Patch 4 fixes an
> easily triggerable segfault when defining a domain in qemu. Patch 7
> is the actual feature.

Hmm, I can understand the motivation for wanting to allow users to
disable security per VM. From the POV of a security person it is a
bad idea to allow this capability to be used by default since running
one single unconfined VM compromises the entire security model.

As a host admin, we need to be able to enforce that every single VM
launched is always running with security model active, and not allow
libvirt admins to override that decision at all. Thus a default
libvirt install would have to forbid any attempt to run a VM with a
secmodel=none, and reject with an error. It would have to require a
host level configuration change to allow running VMs without a
secmodel. Unfortunately once you require this you might as well just
be changing the existing config param in qemu.conf for libvirtd as a
whole.

If a user is having trouble, and needs to debug then I think it is
best to just 'setenforce 0' and do the debugging.

NB, some of your patches in this series are useful regardless, but I
don't think we should allow a tunable to turn off security per VM.

Regards,
Daniel