git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Giuseppe Scrivano <gscrivan@redhat.com>
	Fri, 18 Oct 2013 12:13:21 +0000 (14:13 +0200)
committer	Eric Blake <eblake@redhat.com>
	Tue, 29 Oct 2013 13:06:04 +0000 (07:06 -0600)
commit	b51038a4cddb11b7098b1495f8b70642946d7be5
tree	680f56b66e063f9c973a6ca3f4a881cacd2aeb95	tree \| snapshot
parent	64a68a4a09102665d43096fbc2be993c5297f5f0	commit \| diff

capabilities: add baselabel per sec driver/virt type to secmodel

Expand the "secmodel" XML fragment of "host" with a sequence of
baselabel's which describe the default security context used by
libvirt with a specific security model and virtualization type:

<secmodel>
  <model>selinux</model>
  <doi>0</doi>
  <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
  <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel>
</secmodel>
<secmodel>
  <model>dac</model>
  <doi>0</doi>
  <baselabel type='kvm'>107:107</baselabel>
  <baselabel type='qemu'>107:107</baselabel>
</secmodel>

"baselabel" is driver-specific information, e.g. in the DAC security
model, it indicates USER_ID:GROUP_ID.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>

docs/schemas/capability.rng		diff \| blob \| blame \| history
src/conf/capabilities.c		diff \| blob \| blame \| history
src/conf/capabilities.h		diff \| blob \| blame \| history
src/libvirt_private.syms		diff \| blob \| blame \| history
src/lxc/lxc_conf.c		diff \| blob \| blame \| history
src/qemu/qemu_conf.c		diff \| blob \| blame \| history
tests/capabilityschemadata/caps-qemu-kvm.xml		diff \| blob \| blame \| history
tests/capabilityschemadata/caps-test3.xml		diff \| blob \| blame \| history