[PATCH v2] Add SELinux policy for virt
Vit Mojzis
vmojzis at redhat.com
Wed Apr 7 13:14:58 UTC 2021
Sorry for the long delay. This is our first request to ship a policy for
multiple selinux stores (targeted, mls and minimum).
Changes:
* Replace all selinux-policy-%{policytype} dependencies with selinux-policy-base
* Add Ghost files representing installed policy modules in all policy stores
* Rewrite policy compilation script in python
* Compile the policy module twice (1 version for targeted/minimum - with
enable_mcs, and 1 for mls - with enable_mls)
* Manage policy (un)installation using triggers based on which policy
type is available
The new policy was only tested in "targeted" mode so far and we'll need to make
sure it works properly in "mls". As for "minimum", we know it will not
work properly (as is the case of the current policy) by default (some
other "contrib" policy modules need to be enabled).
I'd argue there is no point trying to get it to work in "minimum",
mostly because it (minimum) will be retired soon.
More information about the libvir-list
mailing list