Re: [RFC PATCHv4 14/15] qemu: skip granting access during fd migration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Mar 09, 2011 at 07:18:32PM -0700, Eric Blake wrote:
> SELinux labeling and cgroup ACLs aren't required if we hand a
> pre-opened fd to qemu.  All the more reason to love fd: migration.

I know that holds true for cgroups which checks on open() only,
but are you absolutely sure about for SELinux? SELinux checks
FDs on every single syscall. I'm really fuzzy about what happens
to an FD's associated security context when you pass it over
an UNIX socket using SCM_RIGHTS. I think it might 'just work'
as we already do this with TAP devices and don't label them,
but it could be we have a generic policy rule related to TAP
devices.

If it passed testing with SELinux in enforcing mode, then ACK

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]