Daniel J Walsh
dwalsh at redhat.com
Fri Jun 4 15:32:25 CDT 2010
On 06/04/2010 11:43 AM, Christopher J. PeBenito wrote:
> On Fri, 2010-06-04 at 10:53 -0400, Daniel J Walsh wrote:
>> On 06/04/2010 09:52 AM, Christopher J. PeBenito wrote:
>>> On Wed, 2010-06-02 at 16:18 -0400, Daniel J Walsh wrote:
>>>> tun_tap_device is an mls trusted object
>>> Why? This seems wrong to me.
>> I think virtual machines at different levels need to talk to this device.
> But there are several of these devices. Making it trusted means that
> there's no separation between the networks, which seems contrary to what
> an MLS system would want. More likely, the MLS label needs to be changed
> as needed.
I think the kernel will take care of the isolation.
Eric Dan, Is tuntap device per qemu instance?