From: justinmattock@gmail.com (Justin P. Mattock)
Date: Tue, 27 Jul 2010 09:46:53 -0700
Subject: [refpolicy] qemu context
In-Reply-To: <20100727162757.GC10237@localhost.localdomain>
References: <4C4EDF53.9030001@gmail.com> <20100727155149.GA10237@localhost.localdomain> <4C4F04E0.2000500@gmail.com> <20100727162757.GC10237@localhost.localdomain>
Message-ID: <4C4F0D7D.70400@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/27/2010 09:27 AM, Dominick Grift wrote:
> On Tue, Jul 27, 2010 at 09:10:08AM -0700, Justin P. Mattock wrote:
>> On 07/27/2010 08:51 AM, Dominick Grift wrote:
>>> On Tue, Jul 27, 2010 at 06:29:55AM -0700, Justin P. Mattock wrote:
>>>> hello,
>>>>
>>>> probably can just post on iirc for a faster response..but decided
>>>> to e-mail instead.. Anyways I've qemu finally running
>>>> after some time of not using it and wanted to know what/where
>>>> might I look to get info on the file labels for this.
>>>>
>>>> right now I've an .img in my home directory(not in var/lib/*)
>>>> the context is
>>>> ls -lZ name:name name:object_r:virt_image_t:s0 *.img
>>>>
>>>> does this seem correct?
>>>
>>> In fedora there is a qemu_image_t type for qemu images.
>>>
>>
>> cool thanks for the response..
>> was looking at some wikis and stuff I'll have to do some more reading
>> on this.
>>
>> from what I see so far libvirt plays an important role(I think) but
>> still need to look into it.
>>
>> So far my setup, is a simple build of qemu-kvm, added the udev rule
>> so I don't run as root,and my *.img is in the home directory(still
>> debating if I need libvirt).
>>
>> main concern is making the virtual os confined so if it gets
>> exploited(sorry winxp) my main system is not touched or exploited(if
>> it ever gets to that point)
>>
>
> if you use kvm it's indeed virt_image_t. Red Hat distros also have svirt which uses mcs to separate guests.
>

yeah that's what I'm seeing..
just need to see if I need libvirt or not..

cheers,

Justin P. Mattock
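
Added example, not part of the original thread and not refpolicy or libvirt code: a simplified model of the MCS category check that the reply refers to when it says svirt "uses mcs to separate guests". It assumes single-level contexts and models only category dominance (the kernel decides from the loaded policy, and type enforcement applies on top); the svirt_t/svirt_image_t labels and category numbers are constructed samples, and the last label is the one quoted in the thread.

```python
# Simplified model of MCS separation: a process may access a file only if the
# process's category set is a superset of the file's category set.
# Assumption: contexts carry a single level (no "low-high" range).

def expand_categories(cats):
    """Expand 'c1,c5.c7' into {1, 5, 6, 7}; an empty string means no categories."""
    out = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")          # 'c5.c7' is an inclusive range
        lo_n = int(lo.lstrip("c"))
        hi_n = int(hi.lstrip("c")) if hi else lo_n
        out.update(range(lo_n, hi_n + 1))
    return out

def parse_context(ctx):
    """Split user:role:type:level; the level itself may contain ':'."""
    user, role, setype, level = ctx.split(":", 3)
    sensitivity, _, cats = level.partition(":")
    return {"user": user, "role": role, "type": setype,
            "sensitivity": sensitivity, "categories": expand_categories(cats)}

def mcs_allows(process_ctx, file_ctx):
    """True when the MCS category check alone would not block the access."""
    proc, obj = parse_context(process_ctx), parse_context(file_ctx)
    return obj["categories"] <= proc["categories"]

# Constructed sample labels: each guest gets its own category pair.
GUEST_A_PROC = "system_u:system_r:svirt_t:s0:c12,c345"
GUEST_A_IMG = "system_u:object_r:svirt_image_t:s0:c12,c345"
GUEST_B_PROC = "system_u:system_r:svirt_t:s0:c67,c890"
# Label quoted in the thread: level s0 with no categories.
HOME_IMG = "name:object_r:virt_image_t:s0"

if __name__ == "__main__":
    checks = [("guest A -> its own image", GUEST_A_PROC, GUEST_A_IMG),
              ("guest B -> guest A image", GUEST_B_PROC, GUEST_A_IMG),
              ("guest B -> uncategorised image", GUEST_B_PROC, HOME_IMG)]
    for name, proc, obj in checks:
        verdict = "passes MCS" if mcs_allows(proc, obj) else "blocked by MCS"
        print(f"{name}: {verdict}")
```

An image labelled at plain s0 carries no categories, so the MCS check does not distinguish between guests for it; any separation for such a file comes from type enforcement alone.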