SELinux & Xen

Hi all,
I've read this brief documentation on the Fedora and RHEL5 documentation
pages:

http://fedoraproject.org/wiki/Docs/Fedora7VirtQuickStart#head-42db86c47fbb6d5abc7c6e5d931028d74d1b4102
https://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Virtualization-en-US/ch-virt-selinux-considerations.html

I understand that this will grant access to the device to the Xen
daemon (xend):

# semanage fcontext -a -t xen_image_t -f -b /dev/sda2
# restorecon /dev/sda2

But is there any way that you can be sure that a given domain can't access
data on another Xen guest (a different device) using SELinux?

So, Xen guest A could only access /dev/sda, and Xen guest B could
only access /dev/sdb, but they are both using the same xend daemon.

Thank you very much!
Jordi
-- 
......................................................................
        __
       / /          Jordi Prats Català
 C E / S / C A      Departament de Sistemes
     /_/            Centre de Supercomputació de Catalunya

 Gran Capità, 2-4 (Edifici Nexus) · 08034 Barcelona
 T. 93 205 6464 · F.  93 205 6979 · jprats@xxxxxxxx
......................................................................
pgp:0x5D0D1321
......................................................................

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
