On 02/12/2013 01:15 PM, Laine Stump wrote: > The existing virSecurityManagerSetProcessLabel() API is designed so > that it must be called after forking the child process, but before > exec'ing the child. Due to the way the virCommand API works, that > means it needs to be put in a "hook" function that virCommand is told > to call out to at that time. > > > With this new API in place, we will be able to remove > virSecurityManagerSetProcessLabel() from any virCommand pre-exec > hooks. > > (Unfortunately, the LXC driver uses clone() rather than virCommand, so > it can't take advantage of this new security driver API, meaning that > we need to keep around the older virSecurityManagerSetProcessLabel(), > at least for now.) > --- > Change from V1: rebased, Copyright dates simplified. ACK. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list