Re: [libvirt PATCH v6 35/36] run: add ability to set selinux context

On 8/23/23 2:29 AM, Erik Skultety wrote:
> On Tue, Aug 22, 2023 at 03:24:03PM +0200, Peter Krempa wrote:
>> On Thu, Jul 20, 2023 at 17:20:02 -0500, Jonathon Jongsma wrote:
>>> When running libvirt from the build directory with the 'run' script, it
>>> will run as unconfined_t. This can result in unexpected behavior when
>>> selinux is enforcing due to the fact that the selinux policies are
>>> written assuming that libvirt is running with the
>>> system_u:system_r:virtd_t context. This patch adds a new --selinux
>>> option to the run script. When this option is specified, it will launch
>>> the specified binary using the 'runcon' utility to set its selinux
>>> context to the one mentioned above. Since this may require root
>>> privileges, setting the selinux context is not the default behavior and
>>> must be enabled with the command line switch.
>>>
>>> Signed-off-by: Jonathon Jongsma <jjongsma@xxxxxxxxxx>
>>> ---
>>>   run.in | 100 +++++++++++++++++++++++++++++++++++++++++++++------------
>>>   1 file changed, 80 insertions(+), 20 deletions(-)
>>
>> Please send this one separately again. The idea of doing this is cool,
>> but I don't really fancy to review what's happening in 'run.in' at this
>> point.
>
> No need actually - this patch has already been posted as a v2 here [1] and
> ACKed by Martin Kletzander, but hasn't been pushed yet.
>
> [1] https://listman.redhat.com/archives/libvir-list/2023-June/240358.html
>
> Regards,
> Erik

Oops, I pushed this one now.



