Bug 636142

Summary: RFE: Isolated UID: Support running each QEMU under isolated UID:GID pair
Product: [Community] Virtualization Tools Reporter: Daniel BerrangĂ© <berrange>
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: unspecifiedCC: crobinso, xen-maint
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-15 12:19:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 636032    

Description Daniel Berrangé 2010-09-21 14:59:55 UTC 
Description of problem:
Extend the QEMU DAC security driver so that it uses a isolated UID:GID pair for each VM.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Daniel Berrangé 2015-01-15 12:19:17 UTC 
The DAC security driver gained this in

commit a994ef2d1ac08809eb4ac6c89afa8cb53c8ed5d0
Author: Marcelo Cerri <mhcerri.ibm.com>
Date:   Wed Aug 15 19:10:37 2012 -0300

    Update security layer to handle many security labels
    
    These changes make the security drivers able to find and handle the
    correct security label information when more than one label is
    available. They also update the DAC driver to be used as an usual
    security driver.