State what fields are used when generating SELinux labels from a
baselabel.
---
Notes:
Version 2:
- add reference to example
docs/formatdomain.html.in | 12 ++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 4e9665f..80caac0 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -4596,8 +4596,16 @@ qemu-kvm -net nic,model=? /dev/null
/dd
dtcodebaselabel/code/dt
ddIf dynamic labelling is used, this can optionally be
-used to specify the base security label. The format
-of the content depends on the security driver in use.
+used to specify the base security label that will be used to generate
+the actual label. The format of the content depends on the security
+driver in use.
+
+The SELinux driver uses only the codetype/code field of the
+baselabel in the generated label. Other fields are inherited from
+the parent process when using SELinux baselabels.
+
+(The example above demonstrates the use of codemy_svirt_t/code
+as the value for the codetype/code field.)
/dd
dtcodeimagelabel/code/dt
ddThis is an output only element, which shows the
--
1.8.2.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list