On Tue, Aug 13, 2013 at 01:10:11PM -0400, Dan Walsh wrote: > This will allow us to run sandbox as the calling process, If I am > running a shell as staff_u:unconfined_r:unconfined_t:s0, and I > execute virt-sandbox -c lxc/// -- /bin/sh > > /bin/sh will run as staff_u:unconfined_r:unconfined_t:s0 > --- > bin/virt-sandbox-service.pod | 6 +++++- > bin/virt-sandbox.c | 9 ++++++++- > configure.ac | 1 + > libvirt-sandbox.spec.in | 1 + > libvirt-sandbox/Makefile.am | 2 ++ > libvirt-sandbox/libvirt-sandbox-config.c | 14 ++++++++++++++ > m4/virt-selinux.m4 | 11 +++++++++++ > 7 files changed, 42 insertions(+), 2 deletions(-) > create mode 100644 m4/virt-selinux.m4 You've taken what was previously 3 separate patches fixing 3 separate bugs, and merged them into one giant patch. This is really bad - separate functional fixes must always be kept as separate patches. The actual changes look good, but please split it back up into 3 separate patches & repost. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list