Daniel P. Berrange wrote:
> On Tue, Jun 23, 2009 at 07:45:34PM -0700, Casey Schaufler wrote:
>
>> Serge E. Hallyn wrote:
>>
>>> Quoting Daniel P. Berrange (berra...@redhat.com):
>>>
>>>
>>>> This patch updates the LXC
Serge E. Hallyn wrote:
> Quoting Daniel P. Berrange (berra...@redhat.com):
>
>> This patch updates the LXC driver to make use of libcap-ng for managing
>> process capabilities. Previously Ryota Ozaki had provided code to remove
>> the CAP_BOOT capabilities inside the container, preventing host
James Morris wrote:
On Fri, 29 Aug 2008, Daniel Veillard wrote:
2. The XML format for security labels needs to be extended to indicate
which security model is in use, and potentially carry model-specific
metadata. For SELinux, we may want to know what type of policy is active,
and later,
James Morris wrote:
On Sun, 10 Aug 2008, Casey Schaufler wrote:
1.1 Rationale
With increased use of virtualization, one security benefit of
physically separated systems -- strong isolation -- is reduced,
This issue can always be readily resolved by going back to physically
James Morris wrote:
This is to announce the formation of the sVirt project, which aims to
integrate SELinux and Linux-based virtualization (KVM et al).
The idea has been discussed a few times over the last year or so, and in
recent weeks, a few Fedora folk (such as Dan Walsh, Daniel Berrange a