1215833 – qemu driver should fill in VM runtime seclabel model='dac' values

Bug 1215833 - qemu driver should fill in VM runtime seclabel model='dac' values

Summary: qemu driver should fill in VM runtime seclabel model='dac' values

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Virtualization Tools
Classification:	Community
Component:	libvirt
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Libvirt Maintainers
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-04-27 21:13 UTC by Cole Robinson
Modified:	2016-05-02 14:21 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2016-05-02 14:21:51 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Cole Robinson 2015-04-27 21:13:53 UTC

When a qemu VM is running with svirt, libvirt populates the XML with the runtime process and image label, example:

  <seclabel type='dynamic' model='selinux' relabel='yes'>
    <label>system_u:system_r:svirt_t:s0:c750,c901</label>
    <imagelabel>system_u:object_r:svirt_image_t:s0:c750,c901</imagelabel>
  </seclabel>

However we don't do that for the model='dac' driver. It's not all that interesting, but I figure we should fill it in to be consistent

Comment 1 Cole Robinson 2016-04-21 00:29:27 UTC

I started a discussion upstream about this:

http://www.redhat.com/archives/libvir-list/2016-April/msg01366.html

Comment 2 Cole Robinson 2016-04-23 18:52:11 UTC

Patch sent upstream:

http://www.redhat.com/archives/libvir-list/2016-April/msg01613.html

Comment 3 Cole Robinson 2016-05-02 14:21:51 UTC

Upstream now:

commit 601531d6eadde981abde6b3b976ad91641e32787
Author: Cole Robinson <crobinso>
Date:   Sat Apr 23 13:46:25 2016 -0400

    conf: format runtime DAC seclabel, unless MIGRATABLE

Note You need to log in before you can comment on or make changes to this bug.