On 27/11/2017 10:40, Daniel P. Berrange wrote: > > If we had one daemon per QEMU, then we would give the daemon the same > MCS label as QEMU. The kernel will thus enforce this label matches the > label on the QEMU process when it connects to the UNIX socket. The kernel > will also validate the label on the disk file descriptor passed to the > daemon by QEMU. > > If we had one daemon per host, then that daemon will need a generic > label that lets all QEMUs connect to it. When QEMU passes in a disk > FD, the daemon will need to query the SELinux context of the remote > QEMU process, and then perform a userspace ACL check of that against > the FD that is passed in. > > The latter case means the QEMU helper will need to link to libselinux > and performs checks itself.
Then it seems much better to use one daemon per QEMU, indeed. Paolo -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
