Bug 1215833
| Summary: | qemu driver should fill in VM runtime seclabel model='dac' values | ||
|---|---|---|---|
| Product: | [Community] Virtualization Tools | Reporter: | Cole Robinson <crobinso> |
| Component: | libvirt | Assignee: | Libvirt Maintainers <libvirt-maint> |
| Status: | CLOSED UPSTREAM | QA Contact: | |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | unspecified | CC: | dyuan, fjin, mzhan, rbalakri, yafu |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-05-02 14:21:51 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I started a discussion upstream about this: http://www.redhat.com/archives/libvir-list/2016-April/msg01366.html Patch sent upstream: http://www.redhat.com/archives/libvir-list/2016-April/msg01613.html Upstream now:
commit 601531d6eadde981abde6b3b976ad91641e32787
Author: Cole Robinson <crobinso>
Date: Sat Apr 23 13:46:25 2016 -0400
conf: format runtime DAC seclabel, unless MIGRATABLE
|
When a qemu VM is running with svirt, libvirt populates the XML with the runtime process and image label, example: <seclabel type='dynamic' model='selinux' relabel='yes'> <label>system_u:system_r:svirt_t:s0:c750,c901</label> <imagelabel>system_u:object_r:svirt_image_t:s0:c750,c901</imagelabel> </seclabel> However we don't do that for the model='dac' driver. It's not all that interesting, but I figure we should fill it in to be consistent