[refpolicy] qemu context

Dominick Grift domg472 at gmail.com
Tue Jul 27 11:27:58 CDT 2010


On Tue, Jul 27, 2010 at 09:10:08AM -0700, Justin P. Mattock wrote:
> On 07/27/2010 08:51 AM, Dominick Grift wrote:
> >On Tue, Jul 27, 2010 at 06:29:55AM -0700, Justin P. Mattock wrote:
> >>hello,
> >>
> >>probably can just post on iirc for a faster response..but decided
> >>to e-mail instead.. Anyways I've qemu finally running
> >>after some time of not using it and wanted to know what/where
> >>might I look to get info on the file labels for this.
> >>
> >>right now I've an .img in my home directory (not in var/lib/*)
> >>the context is
> >>ls -lZ name:name name:object_r:virt_image_t:s0 *.img
> >>
> >>does this seem correct?
> >
> >In fedora there is a qemu_image_t type for qemu images.
> >
> 
> cool thanks for the response..
> was looking at some wikis and stuff I'll have to do some more reading
> on this.
> 
> from what I see so far libvirt plays an important role(I think) but
> still need to look into it.
> 
> So far my setup, is a simple build of qemu-kvm, added the udev rule
> so I don't run as root, and my *.img is in the home directory(still
> debating if I need libvirt).
> 
> main concern is making the virtual os confined so if it gets
> exploited(sorry winxp) my main system is not touched or exploited(if
> it ever gets to that point)
> 

If you use kvm it's indeed virt_image_t. Red Hat distros also have svirt which uses mcs to separate guests.

> Justin P. Mattock
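
The MCS separation mentioned in the reply above, as an added example that is not part of the thread or of refpolicy: a small Python model of the category dominance rule, applied to the label quoted in the original question. The `svirt_t`/`svirt_image_t` labels and category numbers are constructed sample values, and the model covers only the MCS part of the decision (type enforcement is checked separately by the kernel).

```python
import re

# user:role:type:sensitivity[:categories]
# Level ranges such as s0-s0:c0.c1023 are deliberately not handled here.
CONTEXT_RE = re.compile(r"^([^:]+):([^:]+):([^:]+):s(\d+)(?::(.+))?$")

def expand_categories(spec):
    """Expand an MCS category spec such as 'c1,c5.c7' into {1, 5, 6, 7}."""
    cats = set()
    for part in (spec or "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition(".")
        hi = hi or lo
        if lo[0] != "c" or hi[0] != "c":
            raise ValueError(f"bad category spec: {part!r}")
        first, last = int(lo[1:]), int(hi[1:])
        if last < first:
            raise ValueError(f"reversed category range: {part!r}")
        cats.update(range(first, last + 1))
    return cats

def parse_context(ctx):
    """Split a single-level SELinux context into its fields."""
    m = CONTEXT_RE.match(ctx.strip())
    if not m:
        raise ValueError(f"unsupported context: {ctx!r}")
    user, role, type_, sens, cats = m.groups()
    return {"user": user, "role": role, "type": type_,
            "sensitivity": int(sens), "categories": expand_categories(cats)}

def dominates(subject_ctx, object_ctx):
    """True if the subject's level dominates the object's level."""
    s, o = parse_context(subject_ctx), parse_context(object_ctx)
    return (s["sensitivity"] >= o["sensitivity"]
            and s["categories"] >= o["categories"])

# Constructed sample labels: two guests, each with its own category pair.
GUEST_A_PROC = "system_u:system_r:svirt_t:s0:c10,c20"
GUEST_A_IMG = "system_u:object_r:svirt_image_t:s0:c10,c20"
GUEST_B_IMG = "system_u:object_r:svirt_image_t:s0:c30,c40"
HOME_IMG = "name:object_r:virt_image_t:s0"  # label quoted in the thread

if __name__ == "__main__":
    for img in (GUEST_A_IMG, GUEST_B_IMG, HOME_IMG):
        verdict = "passes" if dominates(GUEST_A_PROC, img) else "fails"
        print(f"{GUEST_A_PROC} -> {img}: MCS check {verdict}")
```

An image labelled with plain `s0` carries no categories, so every level dominates it and the MCS check alone does not keep guests away from it.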