On 06/27/2011 08:20 AM, Daniel P. Berrange wrote:
> This patch series adds two new features
>
>  - The ability to override 'system_u:system_r:svirt_t:s0' from
>    /etc/selinux/targeted/contexts/virtual_domain_context using
>    the guest XML
>  - The ability to use dynamic relabelling of resources, in combo
>    with static VM label assignment.
>
> The latter is useful for management applications which want to
> be in full control of assigning VM labels (so that they can be
> unique across an entire cluster of hosts for example), while
> still benefiting from automatic relabelling of resources in the
> XML.
>

I think you might want to be a little more flexible with this.

I see where you would want 4 ways of doing this.

Dynamic with /etc/selinux/targeted/contexts/virtual_domain_context

Dynamic with alternate TYPE, meaning I could specify
system_u:system_r:svirt_apache_t:s0 and then libvirt would select an MCS
label for this context and launch
system_u:system_r:svirt_apache_t:s0:c1,c257

Static with no relabel.

Static with relabel.
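
Added example, not part of the original message and not libvirt's code: a sketch of how the four cases listed above could resolve to a process label, including picking a unique MCS category pair for a base context with an alternate type. The function names, the 1024-category range, the single-sensitivity base level, and the choice that dynamic labels always imply relabelling are assumptions made for illustration.

```python
import random

DEFAULT_BASE = "system_u:system_r:svirt_t:s0"  # default context quoted in the thread
MCS_CATEGORIES = 1024  # assumption: policy defines categories c0..c1023


def split_context(ctx):
    """Split user:role:type:level; the level may itself contain ':'."""
    parts = ctx.split(":", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"malformed SELinux context: {ctx!r}")
    return parts


def pick_mcs_pair(in_use, rng):
    """Pick two distinct categories not already assigned to another VM."""
    if len(in_use) >= MCS_CATEGORIES * (MCS_CATEGORIES - 1) // 2:
        raise RuntimeError("no free MCS category pair")
    while True:
        pair = tuple(sorted(rng.sample(range(MCS_CATEGORIES), 2)))
        if pair not in in_use:
            in_use.add(pair)  # reserve it so no second VM shares the pair
            return pair


def resolve_label(mode, in_use, base=None, label=None, relabel=True, rng=None):
    """Return (process_label, relabel_resources) for the four cases.

    dynamic, base=None  -> default type plus a generated MCS pair
    dynamic, base=<ctx> -> alternate type plus a generated MCS pair
    static, relabel=False / True -> caller's label, resources left or relabelled
    """
    rng = rng or random.SystemRandom()
    if mode == "dynamic":
        user, role, typ, level = split_context(base or DEFAULT_BASE)
        sensitivity = level.split(":", 1)[0]  # ignore categories in the base
        c1, c2 = pick_mcs_pair(in_use, rng)
        # Assumption: a generated label always has its resources relabelled.
        return f"{user}:{role}:{typ}:{sensitivity}:c{c1},c{c2}", True
    if mode == "static":
        split_context(label or "")  # validate only; never rewrite a static label
        return label, relabel
    raise ValueError(f"unknown mode: {mode!r}")
```
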