sVirt Change Log
------------------
-----------------------------------------------------------------------------
v0.20 - 11/Dec/2008
-----------------------------------------------------------------------------
* Published TODO list:
http://selinuxproject.org/page/SVirt/TODO
* Rebased to current upstream: converted to new build system, locking etc.
* Changed DOI format to an integer value, represented via a string,
defaulting to "0". Ongoing general discussion on DOI formats and
semantics may be found at:
http://mail.opensolaris.org/mailman/listinfo/doi-discuss
* Introduced the concept of a "security model", to more easily distinguish
between security models and labels in the API.
* The security model and DOI attributes are now properties of the hypervisor
(instead of the domain label), and included in its host capabilities,
e.g.:
x86_64selinux0
....
Implicit here is the assumption that each hypervisor may only be
associated with one security model.
* Integrated security model support into "virsh capabilities".
* The domain configuration label is now of the form:
....
* The model attribute of the seclabel element above is validated against the
host security model at runtime.
* The output of "virsh dominfo" for a running labeled domain is now as
follows:
    # dominfo sys1
    Id:             1
    Name:           sys1
    UUID:           fa3c8e06-0877-2a08-06fd-f2479b7bacb0
    OS Type:        hvm
    Security model: selinux
    Security DOI:   0
    State:          running
    CPU(s):         1
    CPU time:       24.9s
    Max memory:     524288 kB
    Used memory:    524288 kB
    Autostart:      disable
    Security label: system_u:system_r:virtd_t:s0 (enforcing)
* The enforcing state of the security policy is a dynamic property of the
domain security label, as it may be applied on a per-domain basis.
* The main aspects of security labeling support in the library and
associated data structures are as follows:
    Domain configuration: virDomainSecLabelDef
    Host capabilities:    virDomainSecModel
    Active domain state:  virDomainSecLabel
-----------------------------------------------------------------------------
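An added example, not part of the sVirt change log or the libvirt code: a
Python check that parses "virsh dominfo" output in the layout shown above and
reports a domain whose security model or DOI differs from the host's, or whose
label is missing, malformed, or not enforcing. The host values ("selinux",
"0"), the function names and the sample text are assumptions constructed for
illustration.

```python
import re

# Constructed sample in the "virsh dominfo" layout shown in the change log.
SAMPLE = """\
Id:             1
Name:           sys1
OS Type:        hvm
Security model: selinux
Security DOI:   0
State:          running
Security label: system_u:system_r:virtd_t:s0 (enforcing)
"""

# "<context> (<mode>)" as printed on the "Security label" line.
LABEL_RE = re.compile(r"^(?P<context>\S+)\s+\((?P<mode>[a-z]+)\)$")

def parse_dominfo(text):
    """Return the 'Key: value' pairs of dominfo output as a dict."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            info[key.strip()] = value.strip()
    return info

def audit_domain(text, host_model="selinux", host_doi="0"):
    """Return a list of findings; an empty list means the domain passes.

    host_model and host_doi are assumed host capability values."""
    info = parse_dominfo(text)
    findings = []
    if info.get("Security model") != host_model:
        findings.append("security model does not match host")
    if info.get("Security DOI") != host_doi:
        findings.append("DOI does not match host")
    m = LABEL_RE.match(info.get("Security label", ""))
    if not m:
        findings.append("no security label reported")
        return findings
    # An SELinux context is user:role:type:level; the level may itself
    # contain ':' (e.g. s0:c1,c2), so split at most three times.
    parts = m.group("context").split(":", 3)
    if len(parts) != 4 or not all(parts):
        findings.append("malformed SELinux context")
    if m.group("mode") != "enforcing":
        findings.append("label is not enforced (%s)" % m.group("mode"))
    return findings
```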