On 08/27/2015 03:37 AM, Luc de Louw wrote:
> Hi there,
>
> Quoting https://libvirt.org/drvqemu.html
>
> "Disks that are marked as <shared> will get a generic label
> system_u:system_r:svirt_image_t:s0 allowing all guests read/write
> access them"
>
> The problem now is that the shared disks can potentially be
> accessed by other VMs which is not really nice.
>
> Is it safe to remove the shared parameter in the libvirt config and
> use static labeling instead?
>
> Thanks,
>
> Luc
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

From an SELinux point of view, it should work. As long as the label is svirt_image_t:s0, SELinux will not prevent any processes running as svirt_t (guest qemu processes) from reading and writing the content.
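The following is an added example, not code from this thread or from libvirt: it lists the disks in a domain definition that carry libvirt's `<shareable/>` element and models why a label ending in `s0` with no MCS categories is open to every svirt_t guest. The domain XML, image paths and category pairs are constructed sample values, and the MCS check is a simplified assumption (process categories must include the file's categories).

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the thread).
DOMAIN_XML = """
<domain type='kvm'>
  <name>guest1</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/guest1.img'/>
      <target dev='vda'/>
    </disk>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/cluster.img'/>
      <target dev='vdb'/>
      <shareable/>
    </disk>
  </devices>
</domain>
"""

def shareable_disks(domain_xml):
    """Return source paths of disks carrying the <shareable/> element."""
    root = ET.fromstring(domain_xml)
    return [d.find("source").get("file")
            for d in root.iter("disk")
            if d.find("shareable") is not None and d.find("source") is not None]

def categories(context):
    """Extract the MCS category set from user:role:type:level[:cats].

    Assumes a single level such as s0:c392,c662 (no low-high level range).
    """
    parts = context.split(":", 4)
    cats = set()
    if len(parts) == 5:
        for item in parts[4].split(","):
            if "." in item:  # category range such as c0.c3
                lo, hi = (int(x[1:]) for x in item.split("."))
                cats.update(range(lo, hi + 1))
            else:
                cats.add(int(item[1:]))
    return cats

def mcs_allows(process_ctx, file_ctx):
    """Simplified MCS rule: the process categories must include the file's."""
    return categories(file_ctx) <= categories(process_ctx)
```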