mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 14:45:24 +00:00
907a39e735
There are many aspects of the guest XML which result in the SELinux driver applying file labelling. With the increasing configuration options it is desirable to test this behaviour. It is not possible to assume that the test suite has the ability to set SELinux labels. Most filesystems though will support extended attributes. Thus for the purpose of testing, it is possible to extend the existing LD_PRELOAD hack to override setfilecon() and getfilecon() to simply use the 'user.libvirt.selinux' attribute for the sake of testing. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
48 lines
1.4 KiB
XML
48 lines
1.4 KiB
XML
<domain type='kvm'>
|
|
<name>vm1</name>
|
|
<uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
|
|
<memory unit='KiB'>219200</memory>
|
|
<os>
|
|
<type arch='i686' machine='pc-1.0'>hvm</type>
|
|
<boot dev='cdrom'/>
|
|
</os>
|
|
<devices>
|
|
<serial type='file'>
|
|
<source path='/plain.txt'/>
|
|
</serial>
|
|
<serial type='pipe'>
|
|
<source path='/plain.fifo'/>
|
|
</serial>
|
|
<serial type='dev'>
|
|
<source path='/plain.dev'/>
|
|
</serial>
|
|
<serial type='unix'>
|
|
<source mode='bind' path='/plain.sock'/>
|
|
</serial>
|
|
<serial type='unix'>
|
|
<source mode='connect' path='/nolabel.sock'>
|
|
<seclabel relabel='no' model='selinux'/>
|
|
</source>
|
|
</serial>
|
|
<serial type='unix'>
|
|
<source mode='connect' path='/yeslabel.sock'>
|
|
</source>
|
|
</serial>
|
|
<serial type='unix'>
|
|
<source mode='connect' path='/altlabel.sock'>
|
|
<seclabel relabel='yes' model='selinux'>
|
|
<label>system_u:object_r:svirt_image_custom_t:s0:c41,c264</label>
|
|
</seclabel>
|
|
</source>
|
|
</serial>
|
|
<input type='mouse' bus='ps2'/>
|
|
<graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
|
|
<listen type='address' address='0.0.0.0'/>
|
|
</graphics>
|
|
</devices>
|
|
<seclabel model="selinux" type="dynamic" relabel="yes">
|
|
<label>system_u:system_r:svirt_t:s0:c41,c264</label>
|
|
<imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
|
|
</seclabel>
|
|
</domain>
|