On 01/07/2017 03:04 PM, John Ferlan wrote:
>
>
> On 12/19/2016 10:57 AM, Michal Privoznik wrote:
>> With our new qemu namespace code in place, the relabelling of
>> devices is done not as good is it could: a child process is
>> spawned, it enters the mount namespace of the qemu process and
>>
On 12/19/2016 10:57 AM, Michal Privoznik wrote:
> With our new qemu namespace code in place, the relabelling of
> devices is done not as good is it could: a child process is
> spawned, it enters the mount namespace of the qemu process and
> then runs desired API of the security driver.
Extra
With our new qemu namespace code in place, the relabelling of
devices is done not as good is it could: a child process is
spawned, it enters the mount namespace of the qemu process and
then runs desired API of the security driver.
Problem with this approach is that internal state transition of
the