On 3/9/23 05:49, Laine Stump wrote: > All the necessary explanation is in Path 3/4 > > We may want to turn on this same behavior for some other external > processes, but right now the one we need it for is passt. > > Resolves: https://bugzilla.redhat.com/2172267 > > Laine Stump (4): > util: add an API to retrieve the resolved path to a virCommand's > binary > security: make args to virSecuritySELinuxContextAddRange() const > security: make it possible to set SELinux label of child process from > its binary > qemu: set SELinux label of passt process to its own binary's label > > src/libvirt_private.syms | 1 + > src/qemu/qemu_dbus.c | 2 +- > src/qemu/qemu_passt.c | 2 +- > src/qemu/qemu_process.c | 2 +- > src/qemu/qemu_security.c | 5 ++- > src/qemu/qemu_security.h | 1 + > src/qemu/qemu_slirp.c | 2 +- > src/qemu/qemu_tpm.c | 3 +- > src/qemu/qemu_vhost_user_gpu.c | 2 +- > src/security/security_apparmor.c | 1 + > src/security/security_dac.c | 1 + > src/security/security_driver.h | 1 + > src/security/security_manager.c | 8 +++- > src/security/security_manager.h | 1 + > src/security/security_nop.c | 1 + > src/security/security_selinux.c | 77 ++++++++++++++++++++++++++++++-- > src/security/security_stack.c | 5 ++- > src/util/vircommand.c | 51 ++++++++++++++++----- > src/util/vircommand.h | 1 + > 19 files changed, 143 insertions(+), 24 deletions(-) > Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx> Does this mean, we should lift the temporary limitation documented in NEWS.rst? Michal
