Re: [libvirt PATCH v6 35/36] run: add ability to set selinux context


 



On Tue, Aug 22, 2023 at 03:24:03PM +0200, Peter Krempa wrote:
> On Thu, Jul 20, 2023 at 17:20:02 -0500, Jonathon Jongsma wrote:
> > When running libvirt from the build directory with the 'run' script, it
> > will run as unconfined_t. This can result in unexpected behavior when
> > selinux is enforcing due to the fact that the selinux policies are
> > written assuming that libvirt is running with the
> > system_u:system_r:virtd_t context. This patch adds a new --selinux
> > option to the run script. When this option is specified, it will launch
> > the specified binary using the 'runcon' utility to set its selinux
> > context to the one mentioned above. Since this may require root
> > privileges, setting the selinux context is not the default behavior and
> > must be enabled with the command line switch.
> > 
> > Signed-off-by: Jonathon Jongsma <jjongsma@xxxxxxxxxx>
> > ---
> >  run.in | 100 +++++++++++++++++++++++++++++++++++++++++++++------------
> >  1 file changed, 80 insertions(+), 20 deletions(-)
> 
> Please send this one separately again. The idea of doing this is cool,
> but I don't really fancy reviewing what's happening in 'run.in' at this
> point.
> 

No need actually - this patch has already been posted as a v2 here [1] and
ACKed by Martin Kletzander, but hasn't been pushed yet.

[1] https://listman.redhat.com/archives/libvir-list/2023-June/240358.html

Regards,
Erik



