[libvirt PATCH 4/4] qemu: set SELinux label of passt process to its own binary's label

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



set useBinarySpecificLabel = true when calling qemuSecurityCommandRun
for the passt process, so that the new process context will include
the binary-specific label that should be used for passt (passt_t)
rather than svirt_t (as would happen if useBinarySpecificLabel was
false). (The MCS part of the label, which is common to all child
processes related to a particular qemu domain instance, is also set).

Resolves: https://bugzilla.redhat.com/2172267
Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
---
 src/qemu/qemu_passt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index fd0076077e..2153c0ac46 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_passt.c
@@ -281,7 +281,7 @@ qemuPasstStart(virDomainObj *vm,
     if (qemuExtDeviceLogCommand(driver, vm, cmd, "passt") < 0)
         return -1;
 
-    if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, false, NULL) < 0)
+    if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, true, NULL) < 0)
         goto error;
 
     return 0;
-- 
2.39.2




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux