diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 928d9e6629..d468299a50 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -947,7 +947,9 @@ <devices> <disk type='file' snapshot='external'> <driver name="tap" type="aio" cache="default"/> - <source file='/var/lib/xen/images/fv0' startupPolicy='optional'/> + <source file='/var/lib/xen/images/fv0'/ startupPolicy='optional'> + <seclabel relabel='no'/> + </source> <target dev='hda' bus='ide'/> <iotune> <total_bytes_sec>10000000</total_bytes_sec> @@ -1023,7 +1025,11 @@ path to the file holding the disk. If the disk type is "block", then the dev attribute specifies the path to the host device to serve as - the disk. If the disk type is "dir", then the + the disk. With both "file" and "block", an optional + sub-element seclabel, described + below (and since 0.9.9), can be + used to override the domain security labeling policy for just + that source file. If the disk type is "dir", then the dir attribute specifies the fully-qualified path to the directory to use as the disk. If the disk type is "network", then the protocol attribute specifies @@ -1031,7 +1037,7 @@ are "nbd", "rbd", and "sheepdog". If the protocol attribute is "rbd" or "sheepdog", an additional attribute name is mandatory to specify which - image to be used. When the disk type is + image will be used. When the disk type is "network", the source may have zero or more host sub-elements used to specify the hosts to connect. @@ -3372,11 +3378,11 @@ qemu-kvm -net nic,model=? /dev/null With static label assignment, by default, the administrator or application must ensure labels are set correctly on any resources, however, automatic relabeling can be enabled - if desired + if desired.

- Valid input XML configurations for the security label + Valid input XML configurations for the top-level security label are:

@@ -3435,6 +3441,19 @@ qemu-kvm -net nic,model=? /dev/null +

When relabeling is in effect, it is also possible to fine-tune + the labeling done for specific source file names, by either + disabling the labeling (useful if the file lives on NFS or other + file system that lacks security labeling) or requesting an + alternate label (useful when a management application creates a + special label to allow sharing of some, but not all, resources + between domains), since 0.9.9. When + a seclabel element is attached to a specific path + rather than the top-level domain assignment, only the + attribute relabel or the + sub-element label are supported. +

+

Example configs

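Review bot: the replacement source line in the formatdomain.html.in hunk at @@ -947 is not well-formed XML: the slash has landed in front of the startupPolicy attribute, giving "<source file='/var/lib/xen/images/fv0'/ startupPolicy='optional'>". Now that the element carries a child "<seclabel relabel='no'/>" and an explicit "</source>", the opening tag should simply be "<source file='/var/lib/xen/images/fv0' startupPolicy='optional'>". As written, anyone pasting the example into a domain definition gets a parse error instead of the per-source relabel override the hunk is meant to illustrate.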
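Review bot: the new paragraph in the hunk at @@ -3435 leaves two questions open that a reader of this section will ask at once. It opens with "When relabeling is in effect", which implies that a per-path seclabel is ignored when the top-level label is static or has relabeling disabled, but never says so; and it states that "only the attribute relabel or the sub-element label are supported" without saying what happens when both are present, in particular relabel='no' combined with a label. One sentence for each would settle it: whether a per-source seclabel has any effect without top-level relabeling, and whether relabel='no' alongside a label is rejected or simply makes the label meaningless, whichever the parser actually does.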
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index dd76f91f3a..7a8f7f436a 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -116,6 +116,27 @@ + + + + + + no + + + + + yes + + + + + + + + + @@ -795,7 +816,9 @@ - + + + @@ -811,7 +834,9 @@ - + + + diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.xml new file mode 100644 index 0000000000..19b1cbb4c6 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.xml @@ -0,0 +1,40 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu + + + + + +

+ + + + + + + + + +
+ + + + + + system_u:system_r:svirt_custom_t:s0 + +
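Review bot: the domaincommon.rng hunk at @@ -116 defines the per-source seclabel with a relabel attribute limited to the two literal values visible here, "no" and "yes", and the follow-on hunks at @@ -795 and @@ -816 wire it into two source variants, presumably the file and block cases the docs hunk names. What the schema does not appear to express is the relationship between relabel and the label child: the documentation says only one of the two is supported for a per-path seclabel, so if the schema accepts relabel='no' together with a label element, a self-contradictory configuration passes validation and its meaning is decided silently in the parser. Either encode the exclusion in the schema as a choice between the attribute and the element, or document explicitly that relabel='no' takes precedence.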
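Review bot: the new data file tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.xml is added, but no hunk in this patch touches the test program that enumerates these cases, so unless that registration is in a separate commit the file is never parsed by the suite; if it is intended for the argv comparison it also needs an expected output file, and if it is only for the XML round trip the commit should say which test picks it up. Judging by the visible label "system_u:system_r:svirt_custom_t:s0" the file exercises the alternate-label use; the docs hunk also describes disabling labeling with relabel='no' for images on NFS, which deserves coverage of its own (a second disk in this file would do) so that a regression in the "no" path is caught rather than silently relabeling a file the administrator asked to leave alone.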