OpenStack Compute (nova)

Libvirt Driver - Enable sVirt for LXC

Registered by Vladik Romanovsky

The purpose of this blueprint is to enhance the security for LXC instances.

Enabling the dynamic sVirt configuration for LXC instances.
Also allowing the users to set a baselabel for their hosts.

This is according to http://libvirt.org/formatdomain.html#seclabel

 <seclabel type='dynamic' model='selinux'/>

or

  <seclabel type='dynamic' model='selinux'>
    <baselabel>system_u:system_r:my_svirt_t:s0</baselabel>
  </seclabel>

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Vladik Romanovsky
Direction:
Needs approval
Assignee:
Vladik Romanovsky
Definition:
Drafting
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:lxc_sec,n,z

Addressed by: https://review.openstack.org/64671
    libvirt: Configuration element for sVirt support

Addressed by: https://review.openstack.org/64672
    libvirt: enabling svirt for lxc instances
Gerrit topic: https://review.openstack.org/#q,topic:lxc_sec,n,z

Addressed by: https://review.openstack.org/64671
    libvirt: Configuration element for sVirt support

Addressed by: https://review.openstack.org/64672
    libvirt: enabling svirt for lxc instances

If you are still working on this, please re-submit via nova-specs. If not, please mark as obsolete, and add a quick comment to describe why. --johnthetubaguy (20th April 2014)

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.