On Wed, Feb 27, 2013 at 05:14:55PM +0000, Richard W.M. Jones wrote: > > According to the docs, it should be possible to do: > > <disk device="disk" type="file"> > <source file="/path/to/some/file"> > <seclabel relabel="no"/> <---- NB > </source> > <target dev="sda" bus="scsi"/> > <driver name="qemu" type="qcow2"/> > </disk> > > However I tried it, and it simply doesn't work. Furthermore I looked > at the code in domain_conf.c, and I can't see how it's even supposed > to work. It doesn't look to me as if <seclabel> is ever parsed in > that context. > > Can anyone else confirm that this is a bug or point out my error? Historically this was correct, because we only supported labels for one security driver. When we added support for multiple security drivers it seems we caused a regression. <seclabel relabel="no"/> should have been treated as equivalent to <seclabel relabel="no" model="selinux"/> but we're not doing that :-( If you explicitly add the model it'll do what you want. We should still fix this bug though Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list