On Thu, Mar 05, 2020 at 03:49:46PM +0100, Andrea Bolognani wrote:
> On Mon, 2020-02-24 at 18:20 +0000, Daniel P. Berrangé wrote:
> > Now that we have more than just the libvirtd daemon, we should be
> > explaining to users what they are all for & important aspects of their
> > configuration.
> >
> > Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> > ---
> > docs/daemons.rst | 682 ++++++++++++++++++++++++++++++++++++++++++++++
> > docs/docs.html.in | 3 +
> > 2 files changed, 685 insertions(+)
> > create mode 100644 docs/daemons.rst
>
> I've spotted a few minor issues and I've fixed them, along with the
> ones that Erik had already pointed out, in the attached patch. Please
> squash it in before pushing.
There's no patch attached.
>
> Everything else looks good, so
>
> Reviewed-by: Andrea Bolognani <abologna@xxxxxxxxxx>
>
> I've enabled split-daemon mode on my laptop and it seems to work
> quite seamlessly; however, I had to put SELinux into Permissive mode
> because I was getting
>
> audit[470365]: AVC avc: denied { search } for
> pid=470365 comm="virtlogd" name="470092" dev="proc" ino=1314622
> scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023
> tcontext=system_u:system_r:unconfined_service_t:s0
> tclass=dir permissive=0
There is an RFE open with SELinux maintainers to apply labelling to
the new daemons.
They all currently run unconfined_service_t.
We requested to make them use virtd_t to have parity with libvirtd
policy.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
