[libvirt PATCH 00/13] selinux: introduce sVirt policy and build

Daniel P. Berrangé berrange at redhat.com
Fri Aug 6 17:47:57 UTC 2021


This is an extension of

  https://listman.redhat.com/archives/libvir-list/2021-July/msg00167.html

The original patches from that series are unchanged apart from the
commit message and a tweak to the min Fedora version in the RPM.

I then include various refactors/cleanups.

On Fedora 34 I notice the following:

../src/security/selinux/virt.te:579: Warning: fs_rw_anon_inodefs_files(virtd_t) has been deprecated. All calls can be safely removed.
../src/security/selinux/virt.te:580: Warning: fs_list_inotifyfs(virtd_t) has been deprecated. All calls can be safely removed.
../src/security/selinux/virt.te:985: Warning: fs_rw_anon_inodefs_files(virt_domain) has been deprecated. All calls can be safely removed.
../src/security/selinux/virt.te:1520: Warning: fs_list_inotifyfs(svirt_sandbox_domain) has been deprecated. All calls can be safely removed.

Assuming those warnings are correct, we can delete a few things
from the policy, but that's not done here.

Daniel P. Berrangé (10):
  selinux: remove redundant use of 'set_variable' function
  selinux: move selinux policy build helper to scripts directory
  selinux: don't hardcode paths to selinux tools
  selinux: don't hardcode policy include files directory
  rpm: move logic for setting selinux policy variables
  rpm: rename selinux variables to improve clarity
  selinux: introduce meson option for selinux policy install
  selinux: remove duplicate sources list for policy
  scripts: use variables for cli args in selinux helper
  scripts: factor repeated path joins from selinux helper

Nikola Knazekova (1):
  security: add SELinux policy for virt

Vit Mojzis (2):
  selinux: introduce build, install, packaging for selinux policy
  Install selinux-policy-devel in test environment

 ci/containers/centos-8.Dockerfile             |    1 +
 ci/containers/centos-stream-8.Dockerfile      |    1 +
 ci/containers/fedora-33.Dockerfile            |    1 +
 ci/containers/fedora-34.Dockerfile            |    1 +
 .../fedora-rawhide-cross-mingw32.Dockerfile   |    1 +
 .../fedora-rawhide-cross-mingw64.Dockerfile   |    1 +
 ci/containers/fedora-rawhide.Dockerfile       |    1 +
 libvirt.spec.in                               |  100 +
 meson.build                                   |    1 +
 meson_options.txt                             |    2 +
 scripts/meson.build                           |    1 +
 scripts/selinux-compile-policy.py             |  156 ++
 src/security/meson.build                      |    2 +
 src/security/selinux/mcs/meson.build          |   17 +
 src/security/selinux/meson.build              |   45 +
 src/security/selinux/mls/meson.build          |   17 +
 src/security/selinux/virt.fc                  |  111 +
 src/security/selinux/virt.if                  | 1984 ++++++++++++++++
 src/security/selinux/virt.te                  | 2078 +++++++++++++++++
 19 files changed, 4521 insertions(+)
 create mode 100755 scripts/selinux-compile-policy.py
 create mode 100644 src/security/selinux/mcs/meson.build
 create mode 100644 src/security/selinux/meson.build
 create mode 100644 src/security/selinux/mls/meson.build
 create mode 100644 src/security/selinux/virt.fc
 create mode 100644 src/security/selinux/virt.if
 create mode 100644 src/security/selinux/virt.te

-- 
2.31.1