Re: [libvirt] Re: SELinux SVirt/Qemu problems with current qemu design.

2009-01-15 Thread Richard W.M. Jones
On Wed, Jan 14, 2009 at 04:11:19PM -0500, Daniel J Walsh wrote: > This is more the iso images used to install virt images can be anywhere. > > So a user copies a iso image to his home directory and then installs the > iso using virt-manager. Currently qemu_t would need to read user_home_t > to ma

[libvirt] Re: SELinux SVirt/Qemu problems with current qemu design.

2009-01-14 Thread Daniel P. Berrange
On Thu, Jan 15, 2009 at 07:32:25AM +1100, James Morris wrote: > On Wed, 14 Jan 2009, Daniel J Walsh wrote: > > > I think labeling can be done to allow the access to directories, and > > files. So libvirt could go in an label a file/directory in such a way > > that the running qemu_t:s0.c10 can re

Re: [libvirt] Re: SELinux SVirt/Qemu problems with current qemu design.

2009-01-14 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Itamar Heim wrote: >> From: libvir-list-boun...@redhat.com [mailto:libvir-list- >> boun...@redhat.com] On Behalf Of Daniel J Walsh >> I think labeling can be done to allow the access to directories, and >> files. So libvirt could go in an label a file

RE: [libvirt] Re: SELinux SVirt/Qemu problems with current qemu design.

2009-01-14 Thread Itamar Heim
> From: libvir-list-boun...@redhat.com [mailto:libvir-list- > boun...@redhat.com] On Behalf Of Daniel J Walsh > I think labeling can be done to allow the access to directories, and > files. So libvirt could go in an label a file/directory in such a way > that the running qemu_t:s0.c10 can read or

[libvirt] Re: SELinux SVirt/Qemu problems with current qemu design.

2009-01-14 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Morris wrote: > On Wed, 14 Jan 2009, Daniel J Walsh wrote: > >> I think labeling can be done to allow the access to directories, and >> files. So libvirt could go in an label a file/directory in such a way >> that the running qemu_t:s0.c10 can

[libvirt] Re: SELinux SVirt/Qemu problems with current qemu design.

2009-01-14 Thread James Morris
On Wed, 14 Jan 2009, Daniel J Walsh wrote: > I think labeling can be done to allow the access to directories, and > files. So libvirt could go in an label a file/directory in such a way > that the running qemu_t:s0.c10 can read or read/write the file/directory. > > Same with the ability to creat

[libvirt] Re: SELinux SVirt/Qemu problems with current qemu design.

2009-01-14 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel P. Berrange wrote: > On Tue, Jan 13, 2009 at 05:18:46PM -0500, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> As I begin to work on the svirt lock down of the qemu process, I am >> seeing a disturbing problem. >>

[libvirt] Re: SELinux SVirt/Qemu problems with current qemu design.

2009-01-13 Thread Daniel P. Berrange
On Tue, Jan 13, 2009 at 05:18:46PM -0500, Daniel J Walsh wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > As I begin to work on the svirt lock down of the qemu process, I am > seeing a disturbing problem. > > The qemu binaries are being used to both setup the guest image > environment