From: dwalsh@redhat.com (Daniel J Walsh)
Date: Mon, 07 Jun 2010 09:23:59 -0400
Subject: [refpolicy] kernel_devices.patch
In-Reply-To: <1275916842.809.90.camel@gorn.columbia.tresys.com>
References: <4C06BCD3.5020900@redhat.com> <1275916842.809.90.camel@gorn.columbia.tresys.com>
Message-ID: <4C0CF2EF.4090909@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/07/2010 09:20 AM, Christopher J. PeBenito wrote:
> On Wed, 2010-06-02 at 16:19 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_devices.patch
>>
>> vhost_device_t added for libvirt/qemu
>>
>> /dev/usbmon device added
>>
>> Added default label for /sys so libvirt could relabel to it.
>
> I don't understand this. There should be no files labeled sysfs_t,
> except for the entries created by the kernel on the fs itself, which get
> the right label already.
>
>> lots of new interfaces.
>
> Otherwise merged.
>

libvirt currently does the equivalent of

chcon svirt_t:MCS1 DEVICE
Run QEMU
restorecon DEVICE

If /sys is <> then it does not have a label to change the context back
to, and leaves the context with a label svirt_t:MCS1. If it later picks
an svirt_t:MCS1 for a different image, this /sys device is vulnerable.
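The chcon / run / restorecon sequence described in the message only works when the policy has a file-context entry for the path, because restorecon has nothing to reset a path to otherwise (matchpathcon -n prints `<<none>>` for such paths). The script below is an added example, not libvirt's code or anything from the thread: it saves the original context before the temporary relabel and restores that saved context explicitly when no default entry exists. The command variables (MATCHPATHCON, GETCON, CHCON, RESTORECON) are assumptions made so the logic can be exercised on a host without SELinux; `stat -c %C` is assumed to be GNU coreutils, and the svirt_image_t label used in the comments is a constructed example.

```shell
#!/bin/sh
# Added example (not part of the thread): make a temporary relabel of a
# device node reversible even when restorecon has no default entry for it.

# Commands are overridable so the logic can be tested without SELinux.
MATCHPATHCON=${MATCHPATHCON:-matchpathcon}
GETCON=${GETCON:-default_getcon}
CHCON=${CHCON:-chcon}
RESTORECON=${RESTORECON:-restorecon}

# Current context of a path (assumption: GNU coreutils stat, %C = context).
default_getcon() { stat -c %C "$1"; }

# Print the policy's default context for a path; fail (no output) when the
# policy has none, which matchpathcon -n reports as "<<none>>".
default_context_for() {
    ctx=$("$MATCHPATHCON" -n "$1" 2>/dev/null) || return 1
    case "$ctx" in
        "<<none>>"|"") return 1 ;;
        *) printf '%s\n' "$ctx" ;;
    esac
}

# Usage: with_temp_label PATH CONTEXT COMMAND [ARGS...]
# Relabel PATH to CONTEXT (e.g. a constructed
# system_u:object_r:svirt_image_t:s0:c1,c2) for the duration of COMMAND,
# then put the original label back. restorecon is used only when a default
# entry exists; otherwise the saved context is written back with chcon, so
# a path such as one under /sys is never left carrying the guest's label.
with_temp_label() {
    path=$1; ctx=$2; shift 2
    orig=$("$GETCON" "$path") || return 1
    "$CHCON" "$ctx" "$path" || return 1
    if "$@"; then rc=0; else rc=$?; fi
    if default_context_for "$path" >/dev/null; then
        "$RESTORECON" "$path"
    else
        "$CHCON" "$orig" "$path"
    fi
    return $rc
}
```

The exit status of the wrapped command is preserved so a caller can still tell whether the guest ran, and the restore step runs regardless of that status.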