On 03/24/2010 06:31 PM, Joerg Roedel wrote:
On Wed, Mar 24, 2010 at 06:20:38PM +0200, Avi Kivity wrote:
On 03/24/2010 06:17 PM, Joerg Roedel wrote:
But is this not only one entity more for
sVirt to handle? I would leave that decision to the sVirt developers.
Does attaching the same label as for the VM resources mean that root
could not access it anymore?
IIUC processes run under a context, and there's a policy somewhere that
tells you which context can access which label (and with what
permissions). There was a server on the Internet once that gave you
root access and invited you to attack it. No idea if anyone succeeded
or not (I got bored after about a minute).
So it depends on the policy. If you attach the same label, that means
all files with the same label have the same access permissions. I think.
So if this is true we can introduce a 'trace' label and add all contexts
that should be allowed to trace to it.
But we probably should leave the details to the security experts ;-)
That's just what I want to do. Leave it in userspace and then they can
deal with it without telling us about it.
--
error compiling committee.c: too many arguments to function
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
