libvirt/docs
Eric Blake 6cb4acce8b seclabel: extend XML to allow per-disk label overrides
When doing security relabeling, there are cases where a per-file
override might be appropriate.  For example, with a static label
and relabeling, it might be appropriate to skip relabeling on a
particular disk, where the backing file lives on NFS that lacks
the ability to track labeling.  Or with dynamic labeling, it might
be appropriate to use a custom (non-dynamic) label for a disk
specifically intended to be shared across domains.

The new XML resembles the top-level <seclabel>, but with fewer
options (basically relabel='no', or <label>text</label>):

<domain ...>
  ...
  <devices>
    <disk type='file' device='disk'>
      <source file='/path/to/image1'>
        <seclabel relabel='no'/> <!-- override for just this disk -->
      </source>
      ...
    </disk>
    <disk type='file' device='disk'>
      <source file='/path/to/image1'>
        <seclabel relabel='yes'> <!-- override for just this disk -->
          <label>system_u:object_r:shared_content_t:s0</label>
        </seclabel>
      </source>
      ...
    </disk>
    ...
  </devices>
  <seclabel type='dynamic' model='selinux'>
    <baselabel>text</baselabel> <!-- used for all devices without override -->
  </seclabel>
</domain>

This patch only introduces the XML and documentation; future patches
will actually parse and make use of it.  The intent is that we can
further extend things as needed, adding a per-device <seclabel> in
more places (such as the source of a console device), and possibly
allowing a <baselabel> instead of <label> for labeling where we want
to reuse the cNNN,cNNN pair of a dynamically labeled domain but a
different base label.

First suggested by Daniel P. Berrange here:
https://www.redhat.com/archives/libvir-list/2011-December/msg00258.html

* docs/schemas/domaincommon.rng (devSeclabel): New define.
(disk): Use it.
* docs/formatdomain.html.in (elementsDisks, seclabel): Document
the new XML.
* tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.xml:
New test, to validate RNG.
2011-12-30 10:57:58 +08:00
api_extension maint: rename virBufferVSprintf to virBufferAsprintf 2011-05-05 13:47:40 -06:00
devhelp build: Fix API docs generation in VPATH build 2011-02-21 14:46:23 +01:00
html Remove all generated docs from source control 2009-09-21 14:41:47 +01:00
internals Extend RPC protocol to allow FD passing 2011-10-28 10:27:15 +01:00
schemas seclabel: extend XML to allow per-disk label overrides 2011-12-30 10:57:58 +08:00
.gitignore Add automatic generation of a todo item page 2010-10-12 11:26:52 +01:00
32favicon.png * docs/site.xsl docs/*.png docs/*.html: update the images from Diana, 2006-01-23 22:55:41 +00:00
api_extension.html.in build: use shorter file names for 'make dist' 2010-10-27 16:29:25 -06:00
api.html.in docs: correct invalid xml 2011-04-01 16:03:11 -06:00
apibuild.py qemu_api: Modify apibuild.py to generate docs for QEMU APIs 2011-09-14 11:36:10 +08:00
apps.html.in docs: mention EMOTIVE as a libvirt-using app 2011-07-14 15:34:37 -06:00
archdomain.html.in Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
architecture.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
architecture.gif * docs/architecture.* docs/*: added a section on the architecture 2005-12-21 16:59:34 +00:00
architecture.html.in docs: added a table of contents to the first 11 docs files 2010-10-27 15:01:45 +11:00
archnetwork.html.in docs: correct invalid xml 2011-04-01 16:03:11 -06:00
archnode.html.in Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
archstorage.html.in Cleanup whitespace in docs 2009-11-06 16:05:18 +01:00
auth.html.in docs: added a table of contents to the first 11 docs files 2010-10-27 15:01:45 +11:00
bindings.html.in docs: Add information about libvirt-php new location 2011-02-09 12:29:29 -07:00
bugs.html.in Augment bug reporting documentation 2010-11-10 13:16:37 +01:00
compiling.html.in docs: added compiling page and significantly expanded windows page 2010-12-21 20:55:10 +11:00
contact.html.in docs: added libvirt-announce to contact page 2011-01-05 18:07:30 +11:00
csharp.html.in docs: updated c# bindings with arnauds latest changes 2010-11-30 02:22:38 +11:00
deployment.html.in docs: added a table of contents to the first 11 docs files 2010-10-27 15:01:45 +11:00
devguide.html.in docs: added a table of contents to the first 11 docs files 2010-10-27 15:01:45 +11:00
docs.html.in Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
downloads.html.in docs: added compiling page and significantly expanded windows page 2010-12-21 20:55:10 +11:00
drivers.html.in hyperv: Add basic documentation 2011-08-26 17:52:55 +02:00
drvesx.html.in esx: Support folders in the path of vpx:// connection URIs 2011-11-01 18:45:42 +01:00
drvhyperv.html.in hyperv: Add basic documentation 2011-08-26 17:52:55 +02:00
drvlxc.html.in Allow passing of command line args to LXC container 2011-10-04 14:15:09 +01:00
drvopenvz.html.in website: Point main page links to libvirt driver pages 2011-07-15 13:19:41 -06:00
drvqemu.html.in docs: document <qemu:commandline> xml 2011-12-19 14:19:12 -07:00
drvremote.html.in Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
drvtest.html.in Whitespace cleanup for pre-tags on the website 2009-11-16 22:42:13 +01:00
drvuml.html.in website: Point main page links to libvirt driver pages 2011-07-15 13:19:41 -06:00
drvvbox.html.in vbox: Support shared folders 2011-10-29 19:50:48 +02:00
drvvmware.html.in website: Point main page links to libvirt driver pages 2011-07-15 13:19:41 -06:00
drvxen.html.in website: Point main page links to libvirt driver pages 2011-07-15 13:19:41 -06:00
errors.html.in Fix a number of small typos 2009-09-22 12:55:39 +02:00
et.png * docs/Makefile.am docs/et.png docs/libvirt.css docs/page.xsl 2008-04-28 08:29:35 +00:00
firewall.html.in html docs: added firewall explanation page by daniel berrange 2010-07-10 22:47:00 +10:00
footer_corner.png Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
footer_pattern.png Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
format.html.in Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
formatcaps.html.in Remove powerMgmt_valid field from capabilities struct 2011-11-30 10:12:30 +00:00
formatdomain.html.in seclabel: extend XML to allow per-disk label overrides 2011-12-30 10:57:58 +08:00
formatnetwork.html.in docs: fix incorrect info about routed networks 2011-10-20 16:51:28 -04:00
formatnode.html.in npiv: Expose fabric_name outside 2011-12-07 18:42:08 +08:00
formatnwfilter.html.in Add documentation for STP filtering support 2011-11-22 15:12:03 -05:00
formatsecret.html.in secret: add Ceph secret type 2011-10-28 11:34:17 -06:00
formatsnapshot.html.in snapshot: also support disks by path 2011-09-05 07:03:04 -06:00
formatstorage.html.in Fix typo in storage pool documentation 2011-12-19 16:33:42 +01:00
formatstorageencryption.html.in docs: correct invalid xml 2011-04-01 16:03:11 -06:00
generic.css Fix missing background color 2009-12-03 15:27:24 +01:00
goals.html.in Update on the goal page 2011-03-28 10:40:24 +08:00
hacking1.xsl Generate HACKING from docs/hacking.html.in 2010-11-12 19:47:20 +01:00
hacking2.xsl Generate HACKING from docs/hacking.html.in 2010-11-12 19:47:20 +01:00
hacking.html.in Document STREQ_NULLABLE and STRNEQ_NULLABLE 2011-10-06 16:50:38 +02:00
hooks.html.in Fix several formatting mistakes in doc 2011-03-31 14:36:19 -06:00
hvsupport.pl docs: Make hvsupport.pl pick up the host device drivers 2011-06-06 10:45:59 +02:00
index.html.in hyperv: Add basic documentation 2011-08-26 17:52:55 +02:00
index.py maint: Expand tabs in python code 2011-02-18 08:59:51 +01:00
internals.html.in docs: correct invalid xml 2011-04-01 16:03:11 -06:00
intro.html.in * docs/*: start cleanup/revamp of architecture docs 2009-04-02 12:01:11 +00:00
java.html.in Fix a number of small typos 2009-09-22 12:55:39 +02:00
library.xen remove all trailing blank lines 2009-07-16 15:06:42 +02:00
libvirt-daemon-arch.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
libvirt-daemon-arch.png Api documentation 2009-04-15 20:42:50 +00:00
libvirt-driver-arch.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
libvirt-driver-arch.png Api documentation 2009-04-15 20:42:50 +00:00
libvirt-header-bg.png Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
libvirt-header-logo.png Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
libvirt-net-logical.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
libvirt-net-logical.png Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
libvirt-net-physical.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
libvirt-net-physical.png Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
libvirt-object-model.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
libvirt-object-model.png Api documentation 2009-04-15 20:42:50 +00:00
libvirt.css Add documentation about migration. 2011-10-28 10:07:45 +01:00
libvirtLogo.png * //* : renamed the project libvirt , this affects all makefiles, 2006-02-09 17:45:11 +00:00
locking.html.in Add documentation for configuration lock managers 2011-06-28 18:19:00 +01:00
logging.html.in docs: correct invalid xml 2011-04-01 16:03:11 -06:00
madeWith.png * //* : renamed the project libvirt , this affects all makefiles, 2006-02-09 17:45:11 +00:00
main.css Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
Makefile.am Add documentation about migration. 2011-10-28 10:07:45 +01:00
migration-managed-direct.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
migration-managed-direct.png Add documentation about migration. 2011-10-28 10:07:45 +01:00
migration-managed-p2p.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
migration-managed-p2p.png Add documentation about migration. 2011-10-28 10:07:45 +01:00
migration-native.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
migration-native.png Add documentation about migration. 2011-10-28 10:07:45 +01:00
migration-tunnel.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
migration-tunnel.png Add documentation about migration. 2011-10-28 10:07:45 +01:00
migration-unmanaged-direct.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
migration-unmanaged-direct.png Add documentation about migration. 2011-10-28 10:07:45 +01:00
migration.html.in Add documentation about migration. 2011-10-28 10:07:45 +01:00
newapi.xsl Improve tokenizing of linkable terms 2011-08-12 07:35:19 -06:00
news.html.in Release of libvirt-0.9.8 2011-12-08 15:13:50 +08:00
news.xsl Convert NEWS to UTF-8 2009-07-29 09:04:21 +01:00
node.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
node.gif * doc/*: augment and try to complete the doc in its current state 2006-01-23 13:24:07 +00:00
page.xsl docs: replace CRLF with LF 2011-01-28 08:44:05 -07:00
php.html.in docs: Add information about libvirt-php new location 2011-02-09 12:29:29 -07:00
python.html.in Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
relatedlinks.html.in Cleanup whitespace in docs 2009-11-06 16:05:18 +01:00
remote.html.in Add some docs about the RPC protocol and APIs 2011-08-12 13:54:10 +01:00
search.php A couple of fixes for the search PHP code 2011-01-17 16:55:41 +08:00
site.xsl Change generated HTML to UTF-8 encoding 2009-12-08 16:09:33 +01:00
sitemap.html.in Add documentation about migration. 2011-10-28 10:07:45 +01:00
storage.html.in docs: fix the xml validity errors regarding name and id 2010-09-17 00:41:08 +10:00
structures.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
subsite.xsl virCommand: docs for usage of new command APIs 2010-12-02 16:00:47 -07:00
testapi.html.in Add documentation about test suites 2011-05-11 19:18:38 +08:00
testsuites.html.in docs: avoid double 'the' 2011-05-11 08:18:04 -06:00
testtck.html.in Add documentation about test suites 2011-05-11 19:18:38 +08:00
todo.cfg-example Add automatic generation of a todo item page 2010-10-12 11:26:52 +01:00
todo.pl Skip bugs which are CLOSED in todo list 2011-07-12 17:10:33 +01:00
uri.html.in Allow for URI aliases when connecting to libvirt 2011-10-19 09:14:34 +01:00
virshcmdref.html.in docs: updated memtune info again in virsh command reference 2011-01-11 07:33:15 +11:00
windows.html.in docs: correct invalid xml 2011-04-01 16:03:11 -06:00
wrapstring.xsl Generate HACKING from docs/hacking.html.in 2010-11-12 19:47:20 +01:00