[libvirt] [PATCH] Change label of fusefs mounted at /proc/meminfo in lxc containers

2013-05-15 Thread dwalsh
From: Dan Walsh We do not want to allow contained applications to be able to read fusefs_t. So we want /proc/meminfo label to match the system default proc_t. --- src/lxc/lxc_container.c | 24 1 file changed, 24 insertions(+) diff --git a/src/lxc/lxc_container.c b/src/l

[libvirt] [PATCH] Change label of fusefs mounted at /proc/meminfo in lxc containers

2013-05-15 Thread dwalsh
From: Dan Walsh We do not want to allow contained applications to be able to read fusefs_t. So we want /proc/meminfo label to match the system default proc_t. Fix checking of error codes --- src/lxc/lxc_container.c | 24 1 file changed, 24 insertions(+) diff --git a/sr

Re: [libvirt] [PATCH] Change label of fusefs mounted at /proc/meminfo in lxc containers

2013-05-15 Thread Daniel P. Berrange
On Wed, May 15, 2013 at 09:46:29AM -0400, dwa...@redhat.com wrote: > From: Dan Walsh > > We do not want to allow contained applications to be able to read fusefs_t. > So we want /proc/meminfo label to match the system default proc_t. > --- > src/lxc/lxc_container.c | 24

Re: [libvirt] [PATCH] Change label of fusefs mounted at /proc/meminfo in lxc containers

2013-05-15 Thread Daniel P. Berrange
On Wed, May 15, 2013 at 10:35:48AM -0400, dwa...@redhat.com wrote: > From: Dan Walsh > > We do not want to allow contained applications to be able to read fusefs_t. > So we want /proc/meminfo label to match the system default proc_t. > > Fix checking of error codes > --- > src/lxc/lxc_container

Re: [libvirt] [PATCH] Change label of fusefs mounted at /proc/meminfo in lxc containers

2013-05-15 Thread Michal Privoznik
On 15.05.2013 16:35, dwa...@redhat.com wrote: > From: Dan Walsh > > We do not want to allow contained applications to be able to read fusefs_t. > So we want /proc/meminfo label to match the system default proc_t. > > Fix checking of error codes > --- > src/lxc/lxc_container.c | 24 +

Re: [libvirt] [PATCH] Change label of fusefs mounted at /proc/meminfo in lxc containers

2013-05-16 Thread Daniel P. Berrange
On Wed, May 15, 2013 at 10:35:48AM -0400, dwa...@redhat.com wrote: > From: Dan Walsh > > We do not want to allow contained applications to be able to read fusefs_t. > So we want /proc/meminfo label to match the system default proc_t. > > Fix checking of error codes > --- > src/lxc/lxc_container

Re: [libvirt] [PATCH] Change label of fusefs mounted at /proc/meminfo in lxc containers

2013-05-16 Thread Daniel P. Berrange
On Thu, May 16, 2013 at 05:04:06PM +0100, Daniel P. Berrange wrote: > On Wed, May 15, 2013 at 10:35:48AM -0400, dwa...@redhat.com wrote: > > From: Dan Walsh > > > > We do not want to allow contained applications to be able to read fusefs_t. > > So we want /proc/meminfo label to match the system d

Re: [libvirt] [PATCH] Change label of fusefs mounted at /proc/meminfo in lxc containers

2013-05-16 Thread Daniel J Walsh
On 05/16/2013 12:09 PM, Daniel P. Berrange wrote: > On Thu, May 16, 2013 at 05:04:06PM +0100, Daniel P. Berrange wrote: >> On Wed, May 15, 2013 at 10:35:48AM -0400, dwa...@redhat.com wrote: >>> From: Dan Walsh >>> >>> We do not want to allow containe