Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file

2012-05-22 Thread Corey Bryant
On 05/22/2012 12:15 PM, Eric Blake wrote: On 05/22/2012 09:29 AM, Corey Bryant wrote: I understand that open("/dev/fd/42") would be the same as dup(42), but I'm not sure that I'm entirely clear on how this would work. Could you give an example? Instead you could use the existing getfd c

Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file

2012-05-22 Thread Eric Blake
On 05/22/2012 09:29 AM, Corey Bryant wrote:
>>> I understand that open("/dev/fd/42") would be the same as dup(42), but
>>> I'm not sure that I'm entirely clear on how this would work. Could you
>>> give an example?
>>
>> Instead you could use the existing getfd command and avoid the
>> translati

Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file

2012-05-22 Thread Corey Bryant
On 05/22/2012 11:39 AM, Kevin Wolf wrote: On 22.05.2012 17:29, Corey Bryant wrote: On 05/22/2012 10:45 AM, Kevin Wolf wrote: On 22.05.2012 16:30, Corey Bryant wrote: On 05/22/2012 04:18 AM, Kevin Wolf wrote: On 21.05.2012 22:19, Corey Bryant wrote: libvirt's sVirt security driver

Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file

2012-05-22 Thread Kevin Wolf
On 22.05.2012 17:29, Corey Bryant wrote: > > > On 05/22/2012 10:45 AM, Kevin Wolf wrote: >> On 22.05.2012 16:30, Corey Bryant wrote: >>> >>> >>> On 05/22/2012 04:18 AM, Kevin Wolf wrote: On 21.05.2012 22:19, Corey Bryant wrote: > libvirt's sVirt security driver provides SELinux MAC

Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file

2012-05-22 Thread Corey Bryant
On 05/22/2012 10:45 AM, Kevin Wolf wrote: On 22.05.2012 16:30, Corey Bryant wrote: On 05/22/2012 04:18 AM, Kevin Wolf wrote: On 21.05.2012 22:19, Corey Bryant wrote: libvirt's sVirt security driver provides SELinux MAC isolation for Qemu guest processes and their corresponding image fi

Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file

2012-05-22 Thread Kevin Wolf
On 22.05.2012 17:01, Eric Blake wrote:
> On 05/22/2012 08:45 AM, Kevin Wolf wrote:
>
>>> I understand that open("/dev/fd/42") would be the same as dup(42), but
>>> I'm not sure that I'm entirely clear on how this would work. Could you
>>> give an example?
>>
>> With your approach you open the

Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file

2012-05-22 Thread Eric Blake
On 05/22/2012 08:45 AM, Kevin Wolf wrote:
>> I understand that open("/dev/fd/42") would be the same as dup(42), but
>> I'm not sure that I'm entirely clear on how this would work. Could you
>> give an example?
>
> With your approach you open the file outside qemu, pass the fd to qemu
> along w

Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file

2012-05-22 Thread Kevin Wolf
On 22.05.2012 16:30, Corey Bryant wrote:
>
>
> On 05/22/2012 04:18 AM, Kevin Wolf wrote:
>> On 21.05.2012 22:19, Corey Bryant wrote:
>>> libvirt's sVirt security driver provides SELinux MAC isolation for
>>> Qemu guest processes and their corresponding image files. In other
>>> words, sVirt

Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file

2012-05-22 Thread Corey Bryant
On 05/22/2012 04:18 AM, Kevin Wolf wrote: On 21.05.2012 22:19, Corey Bryant wrote: libvirt's sVirt security driver provides SELinux MAC isolation for Qemu guest processes and their corresponding image files. In other words, sVirt uses SELinux to prevent a QEMU process from opening files tha

Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file

2012-05-22 Thread Kevin Wolf
On 22.05.2012 14:02, Eric Blake wrote:
> On 05/22/2012 02:18 AM, Kevin Wolf wrote:
>
>>> This patch series adds the -filefd command-line option and the
>>> getfd_file monitor command. This will enable libvirt to open a
>>> file and push the corresponding filename and file descriptor to
>>> QEMU

Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file

2012-05-22 Thread Eric Blake
On 05/22/2012 02:18 AM, Kevin Wolf wrote:
>> This patch series adds the -filefd command-line option and the
>> getfd_file monitor command. This will enable libvirt to open a
>> file and push the corresponding filename and file descriptor to
>> QEMU. When QEMU needs to "open" a file, it will firs

Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file

2012-05-22 Thread Kevin Wolf
On 21.05.2012 22:19, Corey Bryant wrote:
> libvirt's sVirt security driver provides SELinux MAC isolation for
> Qemu guest processes and their corresponding image files. In other
> words, sVirt uses SELinux to prevent a QEMU process from opening
> files that do not belong to it.
>
> sVirt provi

[Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file

2012-05-21 Thread Corey Bryant
libvirt's sVirt security driver provides SELinux MAC isolation for Qemu guest processes and their corresponding image files. In other words, sVirt uses SELinux to prevent a QEMU process from opening files that do not belong to it. sVirt provides this support by labeling guests and resources with