Re: [libvirt PATCH 0/4] qemu/security: start passt process with correct SELinux label

On Fri, Mar 10, 2023 at 12:58:46PM +0100, Michal Prívozník wrote:
> On 3/9/23 05:49, Laine Stump wrote:
> > Laine Stump (4):
> >   util: add an API to retrieve the resolved path to a virCommand's
> >     binary
> >   security: make args to virSecuritySELinuxContextAddRange() const
> >   security: make it possible to set SELinux label of child process from
> >     its binary
> >   qemu: set SELinux label of passt process to its own binary's label
> >
> >  src/libvirt_private.syms         |  1 +
> >  src/qemu/qemu_dbus.c             |  2 +-
> >  src/qemu/qemu_passt.c            |  2 +-
> >  src/qemu/qemu_process.c          |  2 +-
> >  src/qemu/qemu_security.c         |  5 ++-
> >  src/qemu/qemu_security.h         |  1 +
> >  src/qemu/qemu_slirp.c            |  2 +-
> >  src/qemu/qemu_tpm.c              |  3 +-
> >  src/qemu/qemu_vhost_user_gpu.c   |  2 +-
> >  src/security/security_apparmor.c |  1 +
> >  src/security/security_dac.c      |  1 +
> >  src/security/security_driver.h   |  1 +
> >  src/security/security_manager.c  |  8 +++-
> >  src/security/security_manager.h  |  1 +
> >  src/security/security_nop.c      |  1 +
> >  src/security/security_selinux.c  | 77 ++++++++++++++++++++++++++++++--
> >  src/security/security_stack.c    |  5 ++-
> >  src/util/vircommand.c            | 51 ++++++++++++++++-----
> >  src/util/vircommand.h            |  1 +
> >  19 files changed, 143 insertions(+), 24 deletions(-)

Reviewed-by: Andrea Bolognani <abologna@xxxxxxxxxx>

> Does this mean, we should lift the temporary limitation documented in
> NEWS.rst?

Yes, we should definitely include that information in the release
notes. And since I've just pushed the patch that addresses the same
limitation for AppArmor, we can mention both in the same entry.

-- 
Andrea Bolognani / Red Hat / Virtualization




