On 01/07/2017 03:04 PM, John Ferlan wrote:
>
>
> On 12/19/2016 10:57 AM, Michal Privoznik wrote:
>> With our new qemu namespace code in place, the relabelling of
>> devices is done not as good is it could: a child process is
>> spawned, it enters the mount namespace of the qemu process and
>> the
On 12/19/2016 10:57 AM, Michal Privoznik wrote:
> With our new qemu namespace code in place, the relabelling of
> devices is done not as good is it could: a child process is
> spawned, it enters the mount namespace of the qemu process and
> then runs desired API of the security driver.
Extra CR/
With our new qemu namespace code in place, the relabelling of
devices is done not as good is it could: a child process is
spawned, it enters the mount namespace of the qemu process and
then runs desired API of the security driver.
Problem with this approach is that internal state transition of
the