From: Martin Kletzander <mkletzan@redhat.com>
Date: Tue, 4 Sep 2012 14:09:43 +0000 (+0200)
Subject: conf: describe security_driver behavior
X-Git-Tag: CVE-2012-4423~112
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95fbc833874f93d099ed3e017f61699b905cd70c;p=thirdparty%2Flibvirt.git

conf: describe security_driver behavior

As a request was raised for this, I added few lines in the "Notes"
part of the "security_driver" comments about allowed values.
---

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index d3175fa750..6cd0d8038e 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -164,7 +164,10 @@
 #
 #       security_driver = [ "selinux", "apparmor" ]
 #
-# Note: The DAC security driver is always enabled.
+# Notes: The DAC security driver is always enabled; as a result, the
+# value of security_driver cannot contain "dac".  The value "none" is
+# a special value; security_driver can be set to that value in
+# isolation, but it cannot appear in a list of drivers.
 #
 #security_driver = "selinux"