Re: [RFC] sVirt v0.10 - initial prototype

On Tue, 21 Oct 2008, Daniel P. Berrange wrote:

> eg perhaps something like
> 
> # virsh capabilities 
> <capabilities>
> 
>   <host>
>     <cpu>
>       <arch>i686</arch>
>     </cpu>
>     <secpolicy model='selinux'>
>        <type>targetted</type>
>        <state>enforcing</state>
>     </secpolicy>
>   </host>
> 
>   .... snip rest of XML...

I don't think the enforcing state for the host will be useful, as this 
can change between API calls, and it really needs to be enforced on the 
host at the time of domain instantiation.

> Is there any meaningful / useful policy version information that can
> be included here ? Or policy feature bits

Possibly, although I think we should leave the configuration of DOI to the 
admin, rather than trying to figure out what might be useful in advance.  
In some cases, the admin may wish to use an RPM package+version string, 
and in others, a domain name could indicate that each system is managed 
within a boundary with consistent label semantics.


- James
-- 
James Morris
<jmorris@xxxxxxxxx>
