On Mon, 2009-07-06 at 14:26 -0400, Gene Czarcinski wrote:
> Neat!
>
> OK, this is starting to make more sense to me. I like the idea of using the
> MCS policy to protect guests from each other.
>
> As far as I can see, the MCS policy stuff has not been implemented yet ... at
> least with libvirt-0.6.2 ... I am still waiting for 0.6.5 to appear in Fedora
> 11 updates-testing. I hope this MCS policy stuff gets implemented for Fedora
> 11 so I can give it a try.

It works for me on F11 out of the box, as described in:
http://fedoraproject.org/wiki/Features/SVirt_Mandatory_Access_Control#How_To_Test

If I start guest VMs via virt-manager or virsh, they get labeled with
unique MCS category pairs and their virtual disks get labeled
accordingly automatically. And when I stop them, the disks get reset to
their original label and become inaccessible to any guest.

-- 
Stephen Smalley
National Security Agency
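
Added example, not part of the original message or of libvirt: a small audit that checks the labeling behaviour described above, reading text in the shape of `ps -eZ` and `ls -Z` output. The sample lines are constructed, and the type names svirt_t, svirt_image_t and virt_image_t, the PIDs and the file names are assumptions, not values from this thread.

```python
import re
from itertools import combinations

# Constructed sample output (not captured from a real host).
PS_Z = """\
system_u:system_r:svirt_t:s0:c87,c520 2101 ? 00:01:12 qemu-kvm
system_u:system_r:svirt_t:s0:c391,c804 2177 ? 00:00:48 qemu-kvm
"""
LS_Z = """\
system_u:object_r:svirt_image_t:s0:c87,c520 guest1.img
system_u:object_r:svirt_image_t:s0:c391,c804 guest2.img
system_u:object_r:virt_image_t:s0 stopped-guest.img
"""

CTX = re.compile(r"\b\w+:\w+:(\w+):s\d+(?:-s\d+)?(?::(\S+))?")

def categories(spec):
    """Expand an MCS category spec such as 'c87,c520' or 'c0.c3' to a set of ints."""
    cats = set()
    for part in filter(None, (spec or "").split(",")):
        lo, _, hi = part.partition(".")
        cats.update(range(int(lo[1:]), int((hi or lo)[1:]) + 1))
    return frozenset(cats)

def parse(text, wanted_type, name_field):
    """Return (name, categories) for every line whose context has wanted_type."""
    rows = []
    for line in text.splitlines():
        m = CTX.search(line)
        if m and m.group(1) == wanted_type:
            rows.append((line.split()[name_field], categories(m.group(2))))
    return rows

def audit(ps_text, ls_text):
    """List isolation problems between running guests and labeled disks."""
    guests = parse(ps_text, "svirt_t", 1)        # name = PID column
    disks = parse(ls_text, "svirt_image_t", -1)  # name = file name
    findings = []
    for pid, cats in guests:
        if len(cats) != 2:                       # expected: one category pair
            findings.append(("not-a-pair", pid))
    for (p1, c1), (p2, c2) in combinations(guests, 2):
        if c1 >= c2 or c2 >= c1:                 # one label dominates the other
            findings.append(("guests-overlap", p1, p2))
    for name, cats in disks:
        owners = [pid for pid, g in guests if g >= cats]
        if len(owners) != 1:                     # stale label, or shared disk
            findings.append(("disk-owners", name, tuple(owners)))
    return findings

if __name__ == "__main__":
    print(audit(PS_Z, LS_Z) or "each guest and disk has its own MCS pair")
```

An empty result means every running guest has its own category pair and every labeled disk is reachable by exactly one guest; a disk still carrying a guest label with no matching process shows up as `disk-owners` with an empty owner tuple.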