SELinux & Xen
Jordi Prats
jprats at cesca.es
Sun Jun 10 22:58:02 UTC 2007
Hi all,
I've read this brief documentation on the Fedora and RHEL5 documentation
page:
http://fedoraproject.org/wiki/Docs/Fedora7VirtQuickStart#head-42db86c47fbb6d5abc7c6e5d931028d74d1b4102
https://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Virtualization-en-US/ch-virt-selinux-considerations.html
My understanding is that this will grant the Xen daemon (xend) access to
the device:
# semanage fcontext -a -t xen_image_t -f -b /dev/sda2
# restorecon /dev/sda2
But is there any way that you can be sure that a given domain can't access
data on another Xen guest (a different device) using SELinux?
So, Xen guest A could only access /dev/sda, and Xen guest B could
only access /dev/sdb, but they are both using the same xend daemon.
Thank you very much!
Jordi
--
......................................................................
__
/ / Jordi Prats Català
C E / S / C A Departament de Sistemes
/_/ Centre de Supercomputació de Catalunya
Gran Capità, 2-4 (Edifici Nexus) · 08034 Barcelona
T. 93 205 6464 · F. 93 205 6979 · jprats at cesca.es
......................................................................
pgp:0x5D0D1321
......................................................................