This is to announce the release of v0.20 of sVirt, a project to add security labeling support to Linux-based virtualization.
A patch against libvirt is attached, and is also included in a release tarball at http://namei.org/svirt/. See 'readme.txt' there for more details on building and running the code.
This release is an update in response to feedback received on the v0.10 prototype release, per the discussion thread at: https://www.redhat.com/archives/libvir-list/2008-October/msg00478.html
Changes are as follows:
Implicit here is the assumption that each hypervisor may only be associated with one security model.
# dominfo sys1
OS Type: hvm
Security model: selinux
Security DOI: 0
State: running
CPU(s): 1
CPU time: 24.9s
Max memory: 524288 kB
Used memory: 524288 kB
Autostart: disable
Security label: system_u:system_r:virtd_t:s0 (enforcing)
Domain configuration: virDomainSecLabelDef
Host capabilities: virDomainSecModel
Active domain state: virDomainSecLabel
I'm hoping to be able to propose an initial version for upstream merge within the next few minor releases, tasks for which are being scoped out in the new TODO list:
If the current release passes review, the next major task will be to add dynamic MCS labeling of domains and disk images for simple isolation.
Feedback is welcome.