    Add two new security label types · b170eb99
    Committed by Daniel P. Berrange
    Currently security labels can be of type 'dynamic' or 'static'.
    If no security label is given, then 'dynamic' is assumed. The
    current code takes advantage of this default, and avoids even
    saving <seclabel> elements with type='dynamic' to disk. This
    means if you temporarily change security driver, the guests
    can all still start.
    
    With the introduction of sVirt to LXC though, there needs to be
    a new default of 'none' to allow unconfined LXC containers.
    
    This patch introduces two new security label types
    
     - default:  the host configuration decides whether to run the
                 guest with type 'none' or 'dynamic' at guest start
     - none:     the guest will run unconfined by security policy
    
    The 'none' label type will obviously be undesirable for some
    deployments, so a new qemu.conf option allows a host admin to
    mandate confined guests. It is also possible to turn off default
    confinement
    
      security_default_confined = 1|0  (default == 1)
      security_require_confined = 1|0  (default == 0)
    
    * src/conf/domain_conf.c, src/conf/domain_conf.h: Add new
      seclabel types
    * src/security/security_manager.c, src/security/security_manager.h:
      Set default sec label types
    * src/security/security_selinux.c: Handle 'none' seclabel type
    * src/qemu/qemu.conf, src/qemu/qemu_conf.c, src/qemu/qemu_conf.h,
      src/qemu/libvirtd_qemu.aug: New security config options
    * src/qemu/qemu_driver.c: Tell security driver about default
      config
security_manager.h 5.4 KB
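
How the two qemu.conf options described in the commit message combine with each label type at guest start, as an added example (a stand-alone model, not libvirt's own code). The enum, struct and function names are hypothetical, and it assumes that a 'default' label which resolves to 'none' is refused in the same way as an explicit 'none' when confinement is required.

```c
#include <stdio.h>

/* Label types from the commit message; the C names are hypothetical. */
enum seclabel_type { SECLABEL_DEFAULT, SECLABEL_NONE, SECLABEL_DYNAMIC, SECLABEL_STATIC };

/* Host-wide settings, named after the two qemu.conf options. */
struct host_policy {
    int default_confined;   /* security_default_confined, default 1 */
    int require_confined;   /* security_require_confined, default 0 */
};

/*
 * Decide the label type at guest start.
 * Returns 0 and stores the effective type in *out, or -1 if the host
 * refuses to start the guest.
 * Assumption: a 'default' that resolves to 'none' is refused the same
 * way as an explicit 'none'.
 */
int resolve_seclabel(const struct host_policy *p, enum seclabel_type requested,
                     enum seclabel_type *out)
{
    enum seclabel_type t = requested;

    if (t == SECLABEL_DEFAULT)
        t = p->default_confined ? SECLABEL_DYNAMIC : SECLABEL_NONE;
    if (t == SECLABEL_NONE && p->require_confined)
        return -1;
    *out = t;
    return 0;
}

static const char *type_name(enum seclabel_type t)
{
    static const char *names[] = { "default", "none", "dynamic", "static" };
    return names[t];
}

int main(void)
{
    /* Constructed sample: every combination of the two options. */
    for (int dc = 1; dc >= 0; dc--)
        for (int rc = 0; rc <= 1; rc++) {
            struct host_policy p = { dc, rc };
            for (int t = SECLABEL_DEFAULT; t <= SECLABEL_STATIC; t++) {
                enum seclabel_type eff;
                int ok = resolve_seclabel(&p, (enum seclabel_type)t, &eff);
                printf("default_confined=%d require_confined=%d %-7s -> %s\n",
                       dc, rc, type_name((enum seclabel_type)t),
                       ok == 0 ? type_name(eff) : "refused");
            }
        }
    return 0;
}
```

Under this model, setting security_default_confined = 0 together with security_require_confined = 1 refuses every guest that has no explicit 'dynamic' or 'static' label, which is worth checking before changing both options on a host.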