On Fri, Mar 10, 2023 at 12:58:46PM +0100, Michal Prívozník wrote: > On 3/9/23 05:49, Laine Stump wrote: > > Laine Stump (4): > > util: add an API to retrieve the resolved path to a virCommand's > > binary > > security: make args to virSecuritySELinuxContextAddRange() const > > security: make it possible to set SELinux label of child process from > > its binary > > qemu: set SELinux label of passt process to its own binary's label > > > > src/libvirt_private.syms | 1 + > > src/qemu/qemu_dbus.c | 2 +- > > src/qemu/qemu_passt.c | 2 +- > > src/qemu/qemu_process.c | 2 +- > > src/qemu/qemu_security.c | 5 ++- > > src/qemu/qemu_security.h | 1 + > > src/qemu/qemu_slirp.c | 2 +- > > src/qemu/qemu_tpm.c | 3 +- > > src/qemu/qemu_vhost_user_gpu.c | 2 +- > > src/security/security_apparmor.c | 1 + > > src/security/security_dac.c | 1 + > > src/security/security_driver.h | 1 + > > src/security/security_manager.c | 8 +++- > > src/security/security_manager.h | 1 + > > src/security/security_nop.c | 1 + > > src/security/security_selinux.c | 77 ++++++++++++++++++++++++++++++-- > > src/security/security_stack.c | 5 ++- > > src/util/vircommand.c | 51 ++++++++++++++++----- > > src/util/vircommand.h | 1 + > > 19 files changed, 143 insertions(+), 24 deletions(-) Reviewed-by: Andrea Bolognani <abologna@xxxxxxxxxx> > Does this mean, we should lift the temporary limitation documented in > NEWS.rst? Yes, we should definitely include that information in the release notes. And since I've just pushed the patch that addresses the same limitation for AppArmor, we can mention both in the same entry. -- Andrea Bolognani / Red Hat / Virtualization