git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Daniel P. Berrange <berrange@redhat.com>
	Thu, 23 Jun 2011 14:48:48 +0000 (15:48 +0100)
committer	Daniel P. Berrange <berrange@redhat.com>
	Mon, 4 Jul 2011 10:17:19 +0000 (11:17 +0100)
commit	4ebfc42716bfe7f78b996c13183f4d01e5824ebd
tree	805f4c16dd588d2be65c78db0ca1f16d9ceebfc3	tree
parent	49826eda7a1da3fb35fc62f340ecdb1d948b0347	commit \| diff

Allow a base label to be specified in dynamic labelling mode

Normally the dynamic labelling mode will always use a base
label of 'svirt_t' for VMs. Introduce a <baselabel> field
in the <seclabel> XML to allow this base label to be changed

eg

   <seclabel type='dynamic' model='selinux'>
     <baselabel>system_u:object_r:virt_t:s0</baselabel>
   </seclabel>

* docs/schemas/domain.rng: Add <baselabel>
* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
  of base label
* src/qemu/qemu_process.c: Don't reset 'model' attribute if
  a base label is specified
* src/security/security_apparmor.c: Refuse to support base label
* src/security/security_selinux.c: Use 'baselabel' when generating
  label, if available

docs/schemas/domain.rng		diff \| blob \| blame \| history
src/conf/domain_conf.c		diff \| blob \| blame \| history
src/conf/domain_conf.h		diff \| blob \| blame \| history
src/qemu/qemu_process.c		diff \| blob \| blame \| history
src/security/security_apparmor.c		diff \| blob \| blame \| history
src/security/security_selinux.c		diff \| blob \| blame \| history