diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 3a649831c0..fe8d74cc05 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2614,6 +2614,82 @@ qemu-kvm -net nic,model=? /dev/null +
+ The seclabel
element allows control over the
+ operation of the security drivers. There are two basic
+ modes of operation, dynamic where libvirt automatically
+ generates a unique security label, or static where the
+ application/administrator chooses the labels. With dynamic
+ label generation, libvirt will always automatically
+ relabel any resources associated with the virtual machine.
+ With static label assignment, by default, the administrator
+ or application must ensure labels are set correctly on any
+ resources, however, automatic relabeling can be enabled
+ if desired
+
+ Valid input XML configurations for the security label + are: +
+ ++ <seclabel type='dynamic' model='selinux'/> + + <seclabel type='dynamic' model='selinux'> + <baselabel>system_u:system_r:my_svirt_t:s0</baselabel> + </seclabel> + + <seclabel type='static' model='selinux' relabel='no'> + <label>system_u:system_r:svirt_t:s0:c392,c662</label> + </seclabel> + + <seclabel type='static' model='selinux' relabel='yes'> + <label>system_u:system_r:svirt_t:s0:c392,c662</label> + </seclabel> ++ +
+ When viewing the XML for a running guest with automatic
+ resource relabeling active, an additional XML element,
+ imagelabel
, will be included. This is an
+ output-only element, so will be ignored in user supplied
+ XML documents
+
type
static
or dynamic
to determine
+ whether libvirt automatically generates a unique security label
+ or not.
+ model
relabel
yes
or no
. This must always
+ be yes
if dynamic label assignment is used. With
+ static label assignment it will default to no
.
+ label
baselabel
imagelabel
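Review bot: The relabel attribute description says it "must always be yes if dynamic label assignment is used" but does not say what libvirt does when a document supplies type='dynamic' together with relabel='no'. State whether that combination is rejected as an error or the attribute is silently overridden. The first paragraph says dynamic mode will "always automatically relabel any resources", so a reader who sets relabel='no' there needs to know it will not be honoured. None of the four example configurations shows type='dynamic' with an explicit relabel attribute, so either add that case or say that the attribute only has a choice of values with type='static'. Minor style points: the introductory paragraph ends at "if desired" without a full stop and joins two sentences with "resources, however, automatic relabeling", and the imagelabel paragraph ends at "XML documents" without a full stop.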