hi,all
a qemu-kvm process and its disk(image file) have the same MCS(s0:c111,c555). it express this process have access to this image.
i do not know the power to access its image file is the max or min?
if any other power this process(domain) has?how much?
i want to know the exact power a qemu-kvm process has besides access its image file ,other kinds of files,dirs etc.
my test case:
after start a guestVM(its disk xml ,cache='none' error_policy='stop'), make some modification on its files and save them.
then go to hypervisor, modify the MCS of guestVM's image file.
1.i can read those files(cache=none)?it s
hould not be so. why?
2.then modify files and save, the guestVM hang, it is paused on UI. this is right qeum process can not write again. why this guestVM is hang? and can not be resumed
3.look at audit info. denied { write } for pid=52162 comm="qemu-kvm".
that pid is 52162, is not my qemu-kvm's pid? why?
thanks so much.
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
