From mboxrd@z Thu Jan  1 00:00:00 1970
From: Avi Kivity <avi@redhat.com>
Subject: Re: [RFC] Unify KVM kernel-space and user-space code into a single
 project
Date: Wed, 24 Mar 2010 18:32:51 +0200
Message-ID: <4BAA3EB3.2070101@redhat.com>
References: <20100324134642.GD14800@8bytes.org> <4BAA1A53.20207@redhat.com> <20100324150137.GE14800@8bytes.org> <20100324152653.GA12225@redhat.com> <20100324153746.GF14800@8bytes.org> <4BAA3323.9000405@redhat.com> <20100324155041.GH14800@8bytes.org> <4BAA3556.2040802@redhat.com> <20100324161711.GJ14800@8bytes.org> <4BAA3BD6.8030401@redhat.com> <20100324163119.GL14800@8bytes.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "Daniel P. Berrange" <berrange@redhat.com>,
	Anthony Liguori <anthony@codemonkey.ws>,
	Ingo Molnar <mingo@elte.hu>,
	Pekka Enberg <penberg@cs.helsinki.fi>,
	"Zhang, Yanmin" <yanmin_zhang@linux.intel.com>,
	Peter Zijlstra <a.p.zijlstra@chello.nl>,
	Sheng Yang <sheng@linux.intel.com>,
	linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	Marcelo Tosatti <mtosatti@redhat.com>,
	Jes Sorensen <Jes.Sorensen@redhat.com>,
	Gleb Natapov <gleb@redhat.com>, ziteng.huang@intel.com,
	Arnaldo Carvalho de Melo <acme@redhat.com>,
	Fr?d?ric Weisbecker <fweisbec@gmail.com>,
	Gregory Haskins <ghaskins@novell.com>
To: Joerg Roedel <joro@8bytes.org>
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <20100324163119.GL14800@8bytes.org>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: kvm.vger.kernel.org

On 03/24/2010 06:31 PM, Joerg Roedel wrote:
> On Wed, Mar 24, 2010 at 06:20:38PM +0200, Avi Kivity wrote:
>    
>> On 03/24/2010 06:17 PM, Joerg Roedel wrote:
>>      
>>> But is this not only one entity more for
>>> sVirt to handle? I would leave that decision to the sVirt developers.
>>> Does attaching the same label as for the VM resources mean that root
>>> could not access it anymore?
>>>
>>>        
>> IIUC processes run under a context, and there's a policy somewhere that
>> tells you which context can access which label (and with what
>> permissions).  There was a server on the Internet once that gave you
>> root access and invited you to attack it.  No idea if anyone succeeded
>> or not (I got bored after about a minute).
>>
>> So it depends on the policy.  If you attach the same label, that means
>> all files with the same label have the same access permissions.  I think.
>>      
> So if this is true we can introduce a 'trace' label and add all contexts
> that should be allowed to trace to it.
> But we probably should leave the details to the security experts ;-)
>    

That's just what I want to do.  Leave it in userspace and then they can 
deal with it without telling us about it.

-- 
error compiling committee.c: too many arguments to function