On Thu, Jun 04, 2020 at 08:44:07PM +0200, Michal Privoznik wrote: > For the case where -fw_cfg uses a file, we need to set the > seclabels on it to allow QEMU the access. While QEMU allows > writing into the file (if specified on the command line), so far > we are enabling reading only and thus we can use read only label > (in case of SELinux). > > Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> > --- > src/security/security_dac.c | 50 +++++++++++++++++++++++++++++++++ > src/security/security_selinux.c | 50 +++++++++++++++++++++++++++++++++ > src/security/virt-aa-helper.c | 12 ++++++++ > 3 files changed, 112 insertions(+) Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|