Hi.
On Fri, Mar 09, 2012 at 11:32:47 +0000, Stefan Hajnoczi wrote:
...
> static __inline__ int platform_test_xfs_fd(int fd)
> {
> struct statfs buf;
> if (fstatfs(fd, &buf) < 0)
> return 0;
> return (buf.f_type == 0x58465342); /* XFSB */
> }
>
> In other words, XFS detection will fail when SELinux is enabled.
>
> I'm not familiar with libvirt's use of SELinux. Can someone explain
> if we need to expand the policy in libvirt and how to do that?
Actually, there is no SELinux policy in libvirt. Libvirt merely uses an
appropriate security context when running qemu processes. The rules what such
processes can do and what they are forbidden to do are described in SELinux
policy which is provided as a separate package (or packages on some distros).
So it's this policy (selinux-policy package on Fedora based distros) which
would need to be expanded. Thus it should be negotiated with SELinux policy
maintainers if they are willing to allow svirt_t domain calling fstatfs.
Jirka
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list