Hi, On Thu, 27 May 2021 at 13:34, Michal Prívozník <mpriv...@redhat.com> wrote:
> Disks can contain various secrets (passwords, certificates, private > keys, etc.). Historically, libvirt set seclabel on anything that QEMU > needed access to and then returned it to root:root when QEMU no longer > needed it, exactly because we could not tell if some sensitive info was > stored in a file or not. > > With recent enough libvirt (5.6.0 or newer) libvirt remember the > original seclabel (owner + SELinux label) and restores them afterwards. > The mode is untouched though. > Does the typical SELinux label prevent other users on the system from reading the VM image file even if it has o+r set on it? I'm hazy enough on SELinux that I don't want to make any invalid assumptions. > I'd say that if somebody wants a disk to be "shared", e.g. readable by > other users on the system, they can put <shareable/> stanza into disk > XML. But then again - libvirt doesn't change the mode. So I think it's > up to vagrant to decide. > > Michal > I think requiring an explicit decision to share is probably the best approach and better to keep that as part of the requirements before enabling o+r on the mode. Thanks, that's a very useful suggestion. -- Darragh Bailey "Nothing is foolproof to a sufficiently talented fool"