On Wed, Apr 07, 2021 at 07:08:34AM -0700, Vit Mojzis wrote:
> From: Nikola Knazekova <nknazeko@xxxxxxxxxx>
>
> SELinux policy was created for:
>
> Hypervisor drivers:
> - virtqemud (QEMU/KVM)
> - virtlxcd (LXC)
> - virtvboxd (VirtualBox)
>
> Secondary drivers:
> - virtstoraged (host storage mgmt)
> - virtnetworkd (virtual network mgmt)
> - virtinterface (network interface mgmt)
> - virtnodedevd (physical device mgmt)
> - virtsecretd (security credential mgmt)
> - virtnwfilterd (ip[6]tables/ebtables mgmt)
> - virtproxyd (proxy daemon)
>
> SELinux policy for virtvxz and virtxend has not been created yet, because I wasn't able to reproduce AVC messages. These drivers run in unconfined_domain until the AVC messages are reproduced internally and policy for these drivers is made.
>
> Signed-off-by: Nikola Knazekova <nknazeko@xxxxxxxxxx>
> ---
> libvirt.spec.in | 64 ++

I'd suggest just removing these parts of the patch, since we're changing it again twice in later patches. Just add the RPM spec changes at the time you add the meson build rules. This patch can just be the policy file import.

> selinux/virt.fc | 111 +++
> selinux/virt.if | 1984 ++++++++++++++++++++++++++++++++++++++++++++
> selinux/virt.te | 2086 +++++++++++++++++++++++++++++++++++++++++++++++

Put these into $GIT/src/security/selinux, since that's alongside where we store the apparmor policy.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|