Now each security model can define its own base label, that describes the default security context used by libvirt to run an hypervisor process. This information is exposed to users trough the host capabilities XML. Giuseppe Scrivano (3): security: add new internal function "virSecurityManagerGetBaseLabel" capabilities: add baselabel per sec driver/virt type to secmodel capabilities: document and test "<baselabel>" docs/schemas/capability.rng | 8 ++++ src/conf/capabilities.c | 60 +++++++++++++++++++++++++++- src/conf/capabilities.h | 14 +++++++ src/libvirt_private.syms | 2 + src/qemu/qemu_conf.c | 11 +++-- src/security/security_apparmor.c | 7 ++++ src/security/security_dac.c | 26 +++++++++++- src/security/security_driver.h | 3 ++ src/security/security_manager.c | 15 +++++++ src/security/security_manager.h | 2 + src/security/security_nop.c | 9 +++++ src/security/security_selinux.c | 9 +++++ src/security/security_stack.c | 8 ++++ tests/capabilityschemadata/caps-qemu-kvm.xml | 2 + tests/capabilityschemadata/caps-test3.xml | 2 + 15 files changed, 172 insertions(+), 6 deletions(-) -- 1.8.3.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list