SELinux MCS generates a single-category context that may be accessed by another machine
Goal
A machine (image file) with a context like system_u:system_r:svirt_tcg_t:s0:c423 can be accessed by a machine with a context like system_u:system_r:svirt_tcg_t:s0:c423,c792. This should be avoided.
Technical details
In src/security/security_selinux.c, virSecuritySELinuxMCSFind(), we can see that the program randomly gets two numbers. But if c1 == c2, the program will generate a single-category context like s0:cXXX:

    if (c1 == c2) {
        mcs = g_strdup_printf("%s:c%d", sens, catMin + c1);
    }

But if we have a machine with a context like "s0:cXXX,cYYY", it will be able to read the image of the machine with "s0:cXXX". This should be avoided.
Additional information

    if (c1 == c2) {
        VIR_FREE(mcs);
        continue;
    }
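
The category-set dominance check behind this report, as an added example (not libvirt code and not part of the original report): a label can reach another when its categories are a superset of the other's, which is why a single-category label is reachable from any pair that contains it, while two distinct pairs never dominate each other. The helper names and the c0..c1023 range are assumptions, and only the categories are compared because both labels share s0.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MCS_CATS 1024 /* assumption: categories c0..c1023 */

/* Parse the categories after the last ':' of a level or full context
 * ("s0:c423,c792") into a bitset. Ranges like "c0.c9" are not handled. */
static int mcs_parse(const char *level, uint8_t set[MCS_CATS / 8])
{
    const char *p = strrchr(level, ':');
    memset(set, 0, MCS_CATS / 8);
    if (!p)
        return 0; /* bare sensitivity: empty category set */
    for (p++; *p; ) {
        char *end;
        if (*p != 'c' || !isdigit((unsigned char)p[1]))
            return -1;
        long cat = strtol(p + 1, &end, 10);
        if (cat >= MCS_CATS || (*end != ',' && *end != '\0'))
            return -1;
        set[cat / 8] |= (uint8_t)(1u << (cat % 8));
        p = (*end == ',') ? end + 1 : end;
    }
    return 0;
}

/* Returns 1 if every category of `object` is also held by `subject`
 * (subject dominates object), 0 if not, -1 on malformed input. */
int mcs_dominates(const char *subject, const char *object)
{
    uint8_t s[MCS_CATS / 8], o[MCS_CATS / 8];
    if (mcs_parse(subject, s) < 0 || mcs_parse(object, o) < 0)
        return -1;
    for (size_t i = 0; i < sizeof(o); i++)
        if (o[i] & ~s[i])
            return 0; /* object has a category the subject lacks */
    return 1;
}

int main(void)
{
    /* Labels from the report, then a constructed two-category pair. */
    printf("%d\n", mcs_dominates("s0:c423,c792", "s0:c423"));
    printf("%d\n", mcs_dominates("s0:c423,c792", "s0:c100,c423"));
    return 0;
}
```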