On Fri, Mar 03, 2023 at 10:18:39AM -0800, Andrea Bolognani wrote: > On Fri, Mar 03, 2023 at 06:06:05PM +0000, Daniel P. Berrangé wrote: > > On Fri, Mar 03, 2023 at 09:56:55AM -0800, Andrea Bolognani wrote: > > > Right, but wouldn't the idea of poking at the filesystem to retrieve > > > the label from the binary (passt_exec_t) and then applying a text > > > transformation to obtain the runtime label (passt_t) go directly > > > against the idea of not hardcoding information about a specific > > > policy implementation into libvirt? > > > > I'm not suggesting applying a text transformation. The example code > > using libselinux I described in the other reply actually askes the > > kernel to tell us what the target type will be when a process > > labelled passt_exec_t is execd. > > Yeah, that's a lot better. > > > > As I understand it, such a policy would allow virtqemud (virtd_t) to > > > execute passt (passt_exec_t) and automatically result in a transition > > > of the process to the desired context (passt_t). > > > > Yes, and I'm saying we must ask the kernel to tell us what that target > > context will be for the loaded policy, given the source file context. > > I still don't understand why we can't simply execute passt and let > the domain transition defined in the policy take care of switching to > the appropriate label from us, like we do for dnsmasq and other > tools? Why do we need to do things differently for passt? That won't get the per-VM label applied. It will end up running passt_t:s0:c0.c1023, but we want it to be passt_t:s0:c342,155. To transition from non-MCS to MCS, you have to explicitly tell the kernel what to do instead of relying on the plain automatic transition. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
