On 01/26/2011 11:09 AM, Alon Levy wrote: >> What does QEMU/NSS do with the certificate database ? Is it a readonly >> database, or does QEMU/NSS also write to this ? I'm wondering why we >> need to specify x509 certificates, as well as the certificate database ? > > The cert1/cert2/cert3 names are only internal references in that db, they > don't have a global meaning (i.e. it isn't filenames or any other type of uri). That changes things in my implementation. That means that cert1/cert2/cert3 do not need _any_ SELinux labeling, because they are not files in the file system (just names within a database); furthermore, since they are not files, my documentation efforts of calling them out as absolute files in the docs needs tweaking. Meanwhile, the database _does_ need SELinux labeling (and I'm assuming here that the database argument, if provided, must be an absolute path to the actual file containing the database of the three certificate names). What does the database default to if you omit it from the qemu command line? -- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list