On Fri, Mar 03, 2023 at 06:06:05PM +0000, Daniel P. Berrangé wrote: > On Fri, Mar 03, 2023 at 09:56:55AM -0800, Andrea Bolognani wrote: > > Right, but wouldn't the idea of poking at the filesystem to retrieve > > the label from the binary (passt_exec_t) and then applying a text > > transformation to obtain the runtime label (passt_t) go directly > > against the idea of not hardcoding information about a specific > > policy implementation into libvirt? > > I'm not suggesting applying a text transformation. The example code > using libselinux I described in the other reply actually askes the > kernel to tell us what the target type will be when a process > labelled passt_exec_t is execd. Yeah, that's a lot better. > > As I understand it, such a policy would allow virtqemud (virtd_t) to > > execute passt (passt_exec_t) and automatically result in a transition > > of the process to the desired context (passt_t). > > Yes, and I'm saying we must ask the kernel to tell us what that target > context will be for the loaded policy, given the source file context. I still don't understand why we can't simply execute passt and let the domain transition defined in the policy take care of switching to the appropriate label from us, like we do for dnsmasq and other tools? Why do we need to do things differently for passt? -- Andrea Bolognani / Red Hat / Virtualization