On 04/09/2013 06:09 AM, Eric Blake wrote:
On 04/08/2013 01:14 AM, Alexey Kardashevskiy wrote:
Hi!
Setting security_driver to "none" (instead of "selinux") fixed the
problem so I presumed that selinux is the problem here. But you're right
after all, this helped:
[root@vpl2 ~]# chmod 777 /home/aik/
[root@vpl2 ~]# chmod 777 /home/aik/virtimg/
It may have helped, but it also opened you up to a security hole. You
generally don't want permissions to be this wide open on your home
directory. Rather, the use of ACLs or group (but not world) permissions
should be considered, so that access is granted to the qemu group but
not to the world.
Yes, right, my point was that it is not always first DAC and only then MAC.
Here it is domain type check, then DAC user access check and only then MAC
user access check, correct?.
--
Alexey
_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users
