Nir Soffer has posted comments on this change. Change subject: lvm: Set libvirt image selinux label on block devices backing vdsm images ......................................................................
Patch Set 2: (6 comments) http://gerrit.ovirt.org/#/c/33492/2//COMMIT_MSG Commit Message: Line 5: CommitDate: 2014-09-29 18:01:31 +0300 Line 6: Line 7: lvm: Set libvirt image selinux label on block devices backing vdsm images Line 8: Line 9: The SELinux sVirt protection for QEMU virtual machines is setup such way > s/such wat/in such a way/ Done Line 10: that domain can only access files which are labelled svirt_image_t Line 11: label. Libvirt set this label on block devices backing images when Line 12: starting a vm. Line 13: Line 6: Line 7: lvm: Set libvirt image selinux label on block devices backing vdsm images Line 8: Line 9: The SELinux sVirt protection for QEMU virtual machines is setup such way Line 10: that domain can only access files which are labelled svirt_image_t > s/domain/a domain/ Done Line 11: label. Libvirt set this label on block devices backing images when Line 12: starting a vm. Line 13: Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is lost Line 7: lvm: Set libvirt image selinux label on block devices backing vdsm images Line 8: Line 9: The SELinux sVirt protection for QEMU virtual machines is setup such way Line 10: that domain can only access files which are labelled svirt_image_t Line 11: label. Libvirt set this label on block devices backing images when > s/set/sets/ Done Line 12: starting a vm. Line 13: Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is lost Line 15: after refreshing a logical volume. This cause vm to pause. The only way Line 8: Line 9: The SELinux sVirt protection for QEMU virtual machines is setup such way Line 10: that domain can only access files which are labelled svirt_image_t Line 11: label. Libvirt set this label on block devices backing images when Line 12: starting a vm. > s/starting/it starts/ Done Line 13: Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is lost Line 15: after refreshing a logical volume. This cause vm to pause. The only way Line 16: to use the vm is to shut it down and start it again, which cause libvirt Line 11: label. Libvirt set this label on block devices backing images when Line 12: starting a vm. Line 13: Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is lost Line 15: after refreshing a logical volume. This cause vm to pause. The only way > s/cause vm/causes the vm/ Done Line 16: to use the vm is to shut it down and start it again, which cause libvirt Line 17: to setup the selinux label properly. Line 18: Line 19: Practically this issue breaks thin provisioning on block storage on the Line 12: starting a vm. Line 13: Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is lost Line 15: after refreshing a logical volume. This cause vm to pause. The only way Line 16: to use the vm is to shut it down and start it again, which cause libvirt > s/cause/causes/ Done Line 17: to setup the selinux label properly. Line 18: Line 19: Practically this issue breaks thin provisioning on block storage on the Line 20: effected platforms. -- To view, visit http://gerrit.ovirt.org/33492 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10 Gerrit-PatchSet: 2 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Nir Soffer <[email protected]> Gerrit-Reviewer: Allon Mureinik <[email protected]> Gerrit-Reviewer: Dan Kenigsberg <[email protected]> Gerrit-Reviewer: Federico Simoncelli <[email protected]> Gerrit-Reviewer: Francesco Romani <[email protected]> Gerrit-Reviewer: Nir Soffer <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ vdsm-patches mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
