Hi, I am studying sVirt,i have some questions about virSecuritySELinuxSetSecurityAllLabel() function (below AllLabel() instead)in src/security/security_selinux.c. >From some materials, i have understood how sVirt works. AllLabel() is responsible to label "object",in most materials, "object" represents image files, howerver, in AllLabel(),i find there are some other "object"(Hostdev,TPMFile,Chardev,Smartcard,os.kernel, os.initrd,os.dtb) to be labeled. I have question about the scope of "object",besides labeling image files,is those other object necessary to be labeled to guarantee sVirt to achieve strong isolation. -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list