This is an extension of

  https://listman.redhat.com/archives/libvir-list/2021-July/msg00167.html

The original patches from that series are unchanged apart from the
commit message, and a tweak to the min Fedora version in the RPM.

I then include various refactors/cleanups.

On Fedora 34 I notice the following:

  ../src/security/selinux/virt.te:579: Warning: fs_rw_anon_inodefs_files(virtd_t) has been deprecated. All calls can be safely removed.
  ../src/security/selinux/virt.te:580: Warning: fs_list_inotifyfs(virtd_t) has been deprecated. All calls can be safely removed.
  ../src/security/selinux/virt.te:985: Warning: fs_rw_anon_inodefs_files(virt_domain) has been deprecated. All calls can be safely removed.
  ../src/security/selinux/virt.te:1520: Warning: fs_list_inotifyfs(svirt_sandbox_domain) has been deprecated. All calls can be safely removed.

Assuming those warnings are correct, we can delete a few things from
the policy, but that's not done here.

Daniel P. Berrangé (10):
  selinux: remove redundant use of 'set_variable' function
  selinux: move selinux policy build helper to scripts directory
  selinux: don't hardcode paths to selinux tools
  selinux: don't hardcode policy include files directory
  rpm: move logic for setting selinux policy variables
  rpm: rename selinux variables to improve clarity
  selinux: introduce meson option for selinux policy install
  selinux: remove duplicate sources list for policy
  scripts: use variables for cli args in selinux helper
  scripts: factor repeated path joins from selinux helper

Nikola Knazekova (1):
  security: add SELinux policy for virt

Vit Mojzis (2):
  selinux: introduce build, install, packaging for selinux policy
  Install selinux-policy-devel in test environment

 ci/containers/centos-8.Dockerfile             |    1 +
 ci/containers/centos-stream-8.Dockerfile      |    1 +
 ci/containers/fedora-33.Dockerfile            |    1 +
 ci/containers/fedora-34.Dockerfile            |    1 +
 .../fedora-rawhide-cross-mingw32.Dockerfile   |    1 +
 .../fedora-rawhide-cross-mingw64.Dockerfile   |    1 +
 ci/containers/fedora-rawhide.Dockerfile       |    1 +
 libvirt.spec.in                               |  100 +
 meson.build                                   |    1 +
 meson_options.txt                             |    2 +
 scripts/meson.build                           |    1 +
 scripts/selinux-compile-policy.py             |  156 ++
 src/security/meson.build                      |    2 +
 src/security/selinux/mcs/meson.build          |   17 +
 src/security/selinux/meson.build              |   45 +
 src/security/selinux/mls/meson.build          |   17 +
 src/security/selinux/virt.fc                  |  111 +
 src/security/selinux/virt.if                  | 1984 ++++++++++++++++
 src/security/selinux/virt.te                  | 2078 +++++++++++++++++
 19 files changed, 4521 insertions(+)
 create mode 100755 scripts/selinux-compile-policy.py
 create mode 100644 src/security/selinux/mcs/meson.build
 create mode 100644 src/security/selinux/meson.build
 create mode 100644 src/security/selinux/mls/meson.build
 create mode 100644 src/security/selinux/virt.fc
 create mode 100644 src/security/selinux/virt.if
 create mode 100644 src/security/selinux/virt.te

-- 
2.31.1