1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-26 03:21:44 +03:00
libvirt/tests/securityselinuxlabeldata/chardev.xml
Daniel P. Berrange 907a39e735 Add a test suite for validating SELinux labelling
There are many aspects of the guest XML which result in the
SELinux driver applying file labelling. With the increasing
configuration options it is desirable to test this behaviour.
It is not possible to assume that the test suite has the
ability to set SELinux labels. Most filesystems though will
support extended attributes. Thus for the purpose of testing,
it is possible to extend the existing LD_PRELOAD hack to
override setfilecon() and getfilecon() to simply use the
'user.libvirt.selinux' attribute for the sake of testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:40:04 +00:00

48 lines
1.4 KiB
XML

<domain type='kvm'>
<name>vm1</name>
<uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
<memory unit='KiB'>219200</memory>
<os>
<type arch='i686' machine='pc-1.0'>hvm</type>
<boot dev='cdrom'/>
</os>
<devices>
<serial type='file'>
<source path='/plain.txt'/>
</serial>
<serial type='pipe'>
<source path='/plain.fifo'/>
</serial>
<serial type='dev'>
<source path='/plain.dev'/>
</serial>
<serial type='unix'>
<source mode='bind' path='/plain.sock'/>
</serial>
<serial type='unix'>
<source mode='connect' path='/nolabel.sock'>
<seclabel relabel='no' model='selinux'/>
</source>
</serial>
<serial type='unix'>
<source mode='connect' path='/yeslabel.sock'>
</source>
</serial>
<serial type='unix'>
<source mode='connect' path='/altlabel.sock'>
<seclabel relabel='yes' model='selinux'>
<label>system_u:object_r:svirt_image_custom_t:s0:c41,c264</label>
</seclabel>
</source>
</serial>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/>
</graphics>
</devices>
<seclabel model="selinux" type="dynamic" relabel="yes">
<label>system_u:system_r:svirt_t:s0:c41,c264</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
</seclabel>
</domain>