mirror of
https://github.com/libvirt/libvirt.git
synced 2025-02-25 18:55:26 -06:00
Allow a base label to be specified in dynamic labelling mode
Normally the dynamic labelling mode will always use a base
label of 'svirt_t' for VMs. Introduce a <baselabel> field
in the <seclabel> XML to allow this base label to be changed
eg
<seclabel type='dynamic' model='selinux'>
<baselabel>system_u:object_r:virt_t:s0</baselabel>
</seclabel>
* docs/schemas/domain.rng: Add <baselabel>
* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
of base label
* src/qemu/qemu_process.c: Don't reset 'model' attribute if
a base label is specified
* src/security/security_apparmor.c: Refuse to support base label
* src/security/security_selinux.c: Use 'baselabel' when generating
label, if available
This commit is contained in:
Daniel P. Berrange
@@ -67,6 +67,9 @@
|
||||
<element name="imagelabel">
|
||||
<text/>
|
||||
</element>
|
||||
<element name="baselabel">
|
||||
<text/>
|
||||
</element>
|
||||
</element>
|
||||
</define>
|
||||
<define name="hvs">
|
||||
|
||||
Reference in New Issue
Block a user