From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:51834)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1SWkIr-00073C-0Z
	for qemu-devel@nongnu.org; Tue, 22 May 2012 04:18:54 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1SWkIk-0005W3-SI
	for qemu-devel@nongnu.org; Tue, 22 May 2012 04:18:48 -0400
Received: from mx1.redhat.com ([209.132.183.28]:36392)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1SWkIk-0005VN-KL
	for qemu-devel@nongnu.org; Tue, 22 May 2012 04:18:42 -0400
Message-ID: <4FBB4BCE.5080905@redhat.com>
Date: Tue, 22 May 2012 10:18:22 +0200
From: Kevin Wolf <kwolf@redhat.com>
MIME-Version: 1.0
References: <1337631598-30639-1-git-send-email-coreyb@linux.vnet.ibm.com>
In-Reply-To: <1337631598-30639-1-git-send-email-coreyb@linux.vnet.ibm.com>
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing
 using -filefd and getfd_file
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Corey Bryant <coreyb@linux.vnet.ibm.com>
Cc: libvir-list@redhat.com, aliguori@us.ibm.com, eblake@redhat.com, qemu-devel@nongnu.org, stefanha@linux.vnet.ibm.com

Am 21.05.2012 22:19, schrieb Corey Bryant:
> libvirt's sVirt security driver provides SELinux MAC isolation for
> Qemu guest processes and their corresponding image files.  In other
> words, sVirt uses SELinux to prevent a QEMU process from opening
> files that do not belong to it.
> 
> sVirt provides this support by labeling guests and resources with
> security labels that are stored in file system extended attributes.
> Some file systems, such as NFS, do not support the extended
> attribute security namespace, and therefore cannot support sVirt
> isolation.
> 
> A solution to this problem is to provide fd passing support, where
> libvirt opens files and passes file descriptors to QEMU.  This,
> along with SELinux policy to prevent QEMU from opening files, can
> provide image file isolation for NFS files.
> 
> This patch series adds the -filefd command-line option and the
> getfd_file monitor command.  This will enable libvirt to open a
> file and push the corresponding filename and file descriptor to
> QEMU.  When QEMU needs to "open" a file, it will first check if the
> file descriptor was passed by either of these methods before
> attempting to actually open the file.

I thought we decided to avoid making some file names magic, and instead
go for the obvious /dev/fd/42?

Kevin