On Tue, 21 Oct 2008, Daniel P. Berrange wrote: > eg perhaps something like > > # virsh capabilities > <capabilities> > > <host> > <cpu> > <arch>i686</arch> > </cpu> > <secpolicy model='selinux'> > <type>targetted</type> > <state>enforcing</state> > </secpolicy> > </host> > > .... snip rest of XML... I don't think the endforcing state for the host will be useful, as this can change between API calls, and it really needs to be enforced on the host at the time of domain instantiation. > Is there any meaningful / useful policy version information that can > be included here ? Or policy feature bits Possibly, although I think we should leave the configuration of DOI to the admin, rather than trying to figure out what might be useful in advance. In some cases, the admin may wish to use an RPM package+version string, and others, a domain name could indicate that each system is managed within an boundary with consistent label semantics. - James -- James Morris <jmorris@xxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
