<div dir="ltr">Hello all,<div><br></div><div>tl;dr, can you point me to the point in the libvirt repo where it's trying to change a tap device's SELinux label?</div><div><br></div><div>I am trying to create a tap device with libvirt on a super-privileged container, and then use it on another, unprivileged container with libvirt.</div><div>User-wise, I know I need the super-privileged container to open the tap device with the user of the unprivileged one - that I already did and it's not the issue.</div><div>But I have a problem when I open the tap device in the non-privileged container: the tap device currently has the spc_t label, since the tun_socket inherited the SELinux context from the super-privileged container that creates it. Then libvirt tries to change the SELinux labels, and since it's not privileged, it fails.</div><div>But I didn't find where and how libvirt is trying to change the tap device's label.</div><div><br></div><div>Can you point me to that specific code in libvirt?</div><div><br></div><div><div><div dir="ltr" data-smartmail="gmail_signature"><div dir="ltr"><p style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;font-weight:bold;margin:0px;padding:0px;font-size:14px"><span>Ram</span> <span>Lavi</span><span style="text-transform:uppercase;color:rgb(170,170,170);margin:0px"></span></p><p style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;font-size:12px;margin:0px"><span>Senior Software Engineer</span></p><p style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;margin:0px 0px 4px;font-size:12px"><a href="https://www.redhat.com/" style="color:rgb(0,136,206);margin:0px" target="_blank">Red Hat <span>Israel</span></a></p><div style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;font-size:medium;margin-bottom:4px"><span><p style="font-size:12px;margin:0px">Yerushalaim Road 34, 
Ra'anana</p></span></div><p style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;margin:0px;font-size:12px"><span style="margin:0px;padding:0px"><a href="mailto:ralavi@redhat.com" style="color:rgb(0,0,0);margin:0px" target="_blank">ralavi@redhat.com</a></span> <span>IM: <span>ralavi</span></span></p></div></div></div></div></div>