On Thu, Jul 20, 2023 at 17:20:02 -0500, Jonathon Jongsma wrote: > When running libvirt from the build directory with the 'run' script, it > will run as unconfined_t. This can result in unexpected behavior when > selinux is enforcing due to the fact that the selinux policies are > written assuming that libvirt is running with the > system_u:system_r:virtd_t context. This patch adds a new --selinux > option to the run script. When this option is specified, it will launch > the specified binary using the 'runcon' utility to set its selinux > context to the one mentioned above. Since this may require root > privileges, setting the selinux context is not the default behavior and > must be enabled with the command line switch. > > Signed-off-by: Jonathon Jongsma <jjongsma@xxxxxxxxxx> > --- > run.in | 100 +++++++++++++++++++++++++++++++++++++++++++++------------ > 1 file changed, 80 insertions(+), 20 deletions(-) Please send this one separately again. The idea of doing this is cool, but I don't really fancy to review what's happening in 'run.in' at this point.
