[libvirt PATCH v2] run: add ability to set selinux context

Martin Kletzander mkletzan at redhat.com
Tue Jul 25 14:00:17 UTC 2023


On Wed, Jun 21, 2023 at 02:43:03PM -0500, Jonathon Jongsma wrote:
>When running libvirt from the build directory with the 'run' script, it
>will run as unconfined_t. This can result in unexpected behavior when
>selinux is enforcing due to the fact that the selinux policies are
>written assuming that libvirt is running with the
>system_u:system_r:virtd_t context. This patch adds a new --selinux
>option to the run script. When this option is specified, it will launch
>the specified binary using the 'runcon' utility to set its selinux
>context to the one mentioned above. Since this may require root
>privileges, setting the selinux context is not the default behavior and
>must be enabled with the command line switch.
>
>Note that this uses argparse to parse the new option, but it does so in
>a very limited way in order to avoid interfering with any arguments that
>the user might want to pass on to libvirt. For example, we do not
>provide a `--help` option for the run script.
>
>Signed-off-by: Jonathon Jongsma <jjongsma at redhat.com>

Reviewed-by: Martin Kletzander <mkletzan at redhat.com>
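
The option handling described in the quoted commit message, as an added example that is not part of the patch or of libvirt's run script: wrapper options are parsed with argparse only up to the binary name, no `--help` is defined, and the command is wrapped in `runcon` when `--selinux` is given. The `build_command` helper and the sample binary paths are hypothetical; the context string is the one named in the commit message.

```python
import argparse
import shlex
import sys

# SELinux context named in the commit message above.
LIBVIRT_CONTEXT = "system_u:system_r:virtd_t"


def build_command(argv, context=LIBVIRT_CONTEXT):
    """Return the argv list to exec for `run [--selinux] BINARY [ARGS...]`.

    Hypothetical helper: the real run script's internals are not shown here.
    """
    parser = argparse.ArgumentParser(
        prog="run",
        add_help=False,      # no -h/--help on the wrapper itself
        allow_abbrev=False,  # do not accept e.g. --sel as --selinux
    )
    parser.add_argument("--selinux", action="store_true")

    # Only options placed before the binary belong to the wrapper. Everything
    # from the first non-option word onward is passed through untouched, even
    # if it happens to spell --selinux or --help.
    split = next((i for i, arg in enumerate(argv) if not arg.startswith("-")),
                 len(argv))
    opts = parser.parse_args(argv[:split])  # exits on unknown wrapper options
    child = argv[split:]
    if not child:
        parser.error("no binary given")

    if opts.selinux:
        # runcon CONTEXT COMMAND [ARGS...]; this may require root privileges.
        return ["runcon", context] + child
    return child


if __name__ == "__main__":
    # Print the command instead of exec'ing it so the example runs anywhere.
    # With no arguments, fall back to a constructed sample invocation.
    sample = sys.argv[1:] or ["--selinux", "src/virtqemud", "--verbose"]
    print(shlex.join(build_command(sample)))
```

Because the split happens at the first non-option word, `run src/virsh --help` hands `--help` to virsh, while `run --help src/virsh` is rejected by the wrapper.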