File libvirt-doc-update-description-about-security-labels-on-formatdomain.html.patch of Package libvirt
From 8fc50502928ef8793e0c2eb8ff04a44d1030d371 Mon Sep 17 00:00:00 2001
Message-Id: <8fc50502928ef8793e0c2eb8ff04a44d1030d371.1350297258.git.jdenemar@redhat.com>
From: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
Date: Tue, 9 Oct 2012 11:00:18 +0200
Subject: [PATCH] doc: update description about security labels on
formatdomain.html
https://bugzilla.redhat.com/show_bug.cgi?id=860519
This patch adds a brief description about labels for each security
driver.
(cherry picked from commit 0d0a7cdcf5ee64922b5966370833e992afb09eba)
---
docs/formatdomain.html.in | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 52da0fe..f93b1a3 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -4180,12 +4180,22 @@ qemu-kvm -net nic,model=? /dev/null
<dt><code>label</code></dt>
<dd>If static labelling is used, this must specify the full
security label to assign to the virtual domain. The format
- of the content depends on the security driver in use
+ of the content depends on the security driver in use:
+ <ul>
+ <li>SELinux: a SELinux context.</li>
+ <li>AppArmor: an AppArmor profile.</li>
+ <li>
+ DAC: owner and group separated by colon. They can be
+ defined both as user/group names or uid/gid. The driver will first
+ try to parse these values as names, but a leading plus sign can
+ used to force the driver to parse them as uid or gid.
+ </li>
+ </ul>
</dd>
<dt><code>baselabel</code></dt>
<dd>If dynamic labelling is used, this can optionally be
used to specify the base security label. The format
- of the content depends on the security driver in use
+ of the content depends on the security driver in use.
</dd>
<dt><code>imagelabel</code></dt>
<dd>This is an output only element, which shows the
--
1.7.12.3
