On 08/20/2013 04:19 AM, Cristian Ciupitu wrote: > ----- Original Message ----- >> From: Eric Blake <eblake@xxxxxxxxxx> >> To: Cristian Ciupitu <cristian.ciupitu@xxxxxxxxx> >> Cc: libvirt-users <libvirt-users@xxxxxxxxxx> >> Sent: Monday, August 19, 2013 11:24 PM >> Subject: Re: Stop the relabeling of CD images > >> So maybe this would do it: >> >> <source file=...> >> <seclabel model='selinux' relabel='no'/> >> <seclabel model='dac' relabel='no'/> >> </source> > > I've just tried it and the SELinux label is not changed anymore, but the > ownership is still changed to qemu:qemu. > >> I'm also not sure why you think to resort to chattr +i, but if using >> that causes libvirt heartburn, maybe we have a bug to fix to be more >> tolerant of failed label attempts due to chattr. > > I resorted to `chattr +i` because I got tired of libvirtd messing with > my files even if it wasn't required. The official versions of libvirtd > from Fedora 18 or 19 used to complain about not being able to change the > files, but the current bleeding edge version hasn't complained (with the > XML config from above). > > To sum it up, SELinux - solved, DAC - not (yet). > I played with it earlier, but I'm not sure which settings we use when. This is just a "possible workaround", even though it might look like it's doing something else. Anyway, If I'm not mistaken, adding a <shareable/> into the <disk> element should stop all relabeling. Correct me if I'm wrong and post your findings, I'll try how relabel works for DAC with upstream in the meantime. Martin _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
