|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] libxl: assigned a default ssid_label (XSM label) to guests
On 14/05/15 12:54, Ian Campbell wrote: > On Thu, 2015-05-14 at 12:21 +0100, Julien Grall wrote: >> Hi Ian, >> >> On 14/05/15 11:33, Ian Campbell wrote: >>> system_u:system_r:domU_t is defined in the default policy and makes as >>> much sense as anything for a default. >> >> So you rule out the possibility to run an unlabelled domain? This is >> possible if the policy explicitly authorized it. That's a significant >> change in the libxl behavior. > > I didn't realise this was a possibility, wouldn't such a domain be > system_u:system_r:unlabeled_t> or something? I'm not sure how unlabeled works. I will let Daniel answer to this. > Note that this won't override a label which is just '' (i.e. an empty > string rather than NULL). I don't know if that results in the behaviour > you want. IIRC, NULL means unlabeled. '' would be translated as an invalid ssid and throw an error. Regards, -- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |