Add SELinux policy for Virt

Hi,

I created SELinux policy for Libvirt drivers, as part of the Decentralized SELinux Policy (DSP) project.
DSP guidelines are available: https://fedoraproject.org/wiki/SELinux/IndependentPolicy

Discussion about the first version of SELinux policy for Libvirt is available on GitLab:
https://gitlab.com/libvirt/libvirt/-/merge_requests/65

SELinux policy was created for:

Hypervisor drivers:
- virtqemud (QEMU/KVM)
- virtlxcd (LXC)
- virtvboxd (VirtualBox)

Secondary drivers:
- virtstoraged (host storage mgmt)
- virtnetworkd (virtual network mgmt)
- virtinterface (network interface mgmt)
- virtnodedevd (physical device mgmt)
- virtsecretd (security credential mgmt)
- virtnwfilterd (ip[6]tables/ebtables mgmt)
- virtproxyd (proxy daemon)

SELinux policy for virtvxz and virtxend has not been created yet, because I wasn't able to reproduce AVC messages.
These drivers run in unconfined_domain until the AVC messages are reproduced internally and policy for these drivers is made.

Can you please look at it?

Thanks

Nikola



