On Tue, Sep 04, 2012 at 10:31:54 +0100, Daniel P. Berrange wrote: > On Tue, Sep 04, 2012 at 11:28:19AM +0200, Jiri Denemark wrote: > > On Tue, Sep 04, 2012 at 10:22:56 +0100, Daniel P. Berrange wrote: > > > On Mon, Sep 03, 2012 at 12:57:50PM -0300, Marcelo Cerri wrote: > > > > > > > > So, my question is: should none seclabels affect specific drivers > > > > (as done now) or just one none seclabel should be accepted affecting > > > > all security drivers in use? > > > > > > No, as with your example above, the type=none is scoped to a specific > > > driver. > > > > And what happens if you have older libvirt and a domain configured with > > <seclabel type='none'/> and upgrade libvirt to the state when it actually > > enables more than one security driver at a time. Shouldn't such generic > > <seclabel type='none'/> actually turn off any labeling, that is, affect all > > the enabled drivers? > > IMHO with the old libvirt, if no model=XXXX was set, this was implicitly > refering to the current model. Yes, but there was just one model, thus it trivially affected all enabled models. Also its semantics can be understood as "do no labeling no matter what security model is used". I'm mainly concerned about libvirt upgrades while domains with <seclabel type='none'/> are running. Jirka -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list