On Tue, Sep 04, 2012 at 11:14:35 +0100, Daniel P. Berrange wrote:
> On Tue, Sep 04, 2012 at 12:00:33PM +0200, Jiri Denemark wrote:
> >
> I don't think that description of existing behaviour is accurate. With old
> libvirt you have one <seclabel> (for SELinux/AppArmour), but secretly there
> are 2 security drivers (SELinux/AppArmour + DAC). Setting type=none for
> the seclabel only meant that the SELinux/AppArmour drivers ran the guest
> unconfined. The second (DAC) driver would still be applied to the guest
> making it run unprivileged/confined. Isn't DAC still applied in the same way?
>
> What actual problem have you seen with upgrades?

I don't see any actual problem, I'm just trying to think about them :-)

Let's say there's a domain running with <seclabel type='none'/> while
libvirtd is upgraded and reconfigured to enable more seclabels by default
(a very theoretical example could be [ "selinux", "apparmor" ]). I think
neither selinux nor apparmor labeling should be applied for that domain.
Or am I wrong?

Jirka

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list