On 03/24/2010 06:17 PM, Joerg Roedel wrote:
On Wed, Mar 24, 2010 at 05:52:54PM +0200, Avi Kivity wrote:
On 03/24/2010 05:50 PM, Joerg Roedel wrote:
If we go the /proc/<pid>/kvm way then the directory should probably
inherit the label from /proc/<pid>/?
That's a security policy. The security people like their policies
outside the kernel.
For example, they may want a label that allows a trace context to read
the data, and also qemu itself for introspection.
Hm, I am not a security expert.
I'm out of my depth here as well.
But is this not only one entity more for
sVirt to handle? I would leave that decision to the sVirt developers.
Does attaching the same label as for the VM resources mean that root
could not access it anymore?
IIUC processes run under a context, and there's a policy somewhere that
tells you which context can access which label (and with what
permissions). There was a server on the Internet once that gave you
root access and invited you to attack it. No idea if anyone succeeded
or not (I got bored after about a minute).
So it depends on the policy. If you attach the same label, that means
all files with the same label have the same access permissions. I think.
--
error compiling committee.c: too many arguments to function
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
