On Fri, May 20, 2011 at 9:48 PM, Corey Bryant <brynt...@us.ibm.com> wrote:
> sVirt provides SELinux MAC isolation for Qemu guest processes and their
> corresponding resources (image files). sVirt provides this support
> by labeling guests and resources with security labels that are stored
> in file system extended attributes. Some file systems, such as NFS, do
> not support the extended attribute security namespace, which is needed
> for image file isolation when using the sVirt SELinux security driver
> in libvirt.
>
> The proposed solution entails a combination of Qemu, libvirt, and
> SELinux patches that work together to isolate multiple guests' images
> when they're stored in the same NFS mount. This results in an
> environment where sVirt isolation and NFS image file isolation can both
> be provided.

Very nice. QEMU should use this to support privilege separation. We already have chroot and runas switches, a new switch should convert all file references to fd references internally for that process. If this can be made transparent, this should even be the default way of operation.
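
The "file references to fd references" idea from the reply above, as an added example that is not code from the thread, QEMU or libvirt: a privileged opener (the management side) opens the image and hands the descriptor over a UNIX socket, and the receiving process reads the image through the fd alone, never needing path access or an xattr label on the NFS mount. The SCM_RIGHTS hand-off and the names send_fd, recv_fd and fd_passing_demo are assumptions of this example.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* Hypothetical "management" side: hand one open descriptor to the peer. */
static int send_fd(int sock, int fd) {
    char byte = 0, cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}
/* Hypothetical "guest process" side: receive the descriptor, or -1. */
static int recv_fd(int sock) {
    char byte, cbuf[CMSG_SPACE(sizeof(int))];
    int fd;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}
/* Demo: open a constructed stand-in for an image, unlink it so no path is left,
 * pass the fd, read it back on the receiving side; 1 if the bytes match. */
int fd_passing_demo(void) {
    char path[] = "/tmp/fdpass-demo-XXXXXX", buf[4]; /* constructed temp file */
    const char payload[] = "IMG!";                   /* constructed contents */
    int sv[2], got, ok = 0, img = mkstemp(path);
    if (img < 0) return 0;
    unlink(path);                                    /* receiver never sees a path */
    if (write(img, payload, 4) == 4 && socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == 0) {
        if (send_fd(sv[0], img) == 0 && (got = recv_fd(sv[1])) >= 0) {
            ok = pread(got, buf, 4, 0) == 4 && memcmp(buf, payload, 4) == 0;
            close(got);
        }
        close(sv[0]); close(sv[1]);
    }
    close(img); return ok;
}
```

Because the path is unlinked before the hand-off, the receiver's only route to the data is the descriptor it was given, which is the property that lets the opener, not the guest process, be the one that has to pass the path-based checks.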