On Tue, Sep 04, 2012 at 11:28:19AM +0200, Jiri Denemark wrote: > On Tue, Sep 04, 2012 at 10:22:56 +0100, Daniel P. Berrange wrote: > > On Mon, Sep 03, 2012 at 12:57:50PM -0300, Marcelo Cerri wrote: > > > Hi, > > > > > > I was discussing with Jiri Denemark about the current behavior of > > > none seclabels with multiple security drivers and I'd like to hear > > > more opinions about how this should work. > > > > > > Currently, a none security label can be defined specifically to each > > > enabled security driver. For example, using a default configuration > > > (in which SELinux is enabled as default driver and DAC is enabled > > > due to privileged mode), a guest definition can contain the > > > following seclabel: > > > > > > <seclabel type='none' model='selinux'/> > > > > > > This will disable SELinux labeling and will keep labeling enabled > > > for any other security drivers (DAC in this case). > > > > > > So, my question is: should none seclabels affect specific drivers > > > (as done now) or just one none seclabel should be accepted affecting > > > all security drivers in use? > > > > No, as with your example above, the type=none is scoped to a specific > > driver. > > And what happens if you have older libvirt and a domain configured with > <seclabel type='none'/> and upgrade libvirt to the state when it actually > enables more than one security driver at a time. Shouldn't such generic > <seclabel type='none'/> actually turn off any labeling, that is, affect all > the enabled drivers? IMHO with the old libvirt, if no model=XXXX was set, this was implicitly refering to the current model. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list