Re: [PATCH 0/6] Introduce OpenSSH authorized key file mgmt APIs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 11/13/20 9:23 AM, Vasiliy Tolstov wrote:

But how about selinux? I'm run qemu-ga in guest and want to modify the
authorized_keys file of some user? Do we need to extend the selinux
policy to allow modification of such files in all guests?
Yes we do. But since qemu-ga offers this under API it should be fairly easy to argue that it should be allowed. It would be much harder to advocate for selinux policy change using solely file APIs of qemu-ga. 

Michal
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux