[PATCH 0/6] Introduce OpenSSH authorized key file mgmt APIs
Michal Privoznik
mprivozn at redhat.com
Fri Nov 13 14:35:40 UTC 2020
On 11/13/20 9:23 AM, Vasiliy Tolstov wrote:
> But how about selinux? I'm run qemu-ga in guest and want to modify the
> authorized_keys file of some user? Do we need to extend the selinux
> policy to allow modification of such files in all guests?
Yes we do. But since qemu-ga offers this under API it should be fairly
easy to argue that it should be allowed. It would be much harder to
advocate for selinux policy change using solely file APIs of qemu-ga.
Michal
More information about the libvir-list
mailing list