[libvirt PATCH v6 35/36] run: add ability to set selinux context
Peter Krempa
pkrempa at redhat.com
Tue Aug 22 13:24:03 UTC 2023
On Thu, Jul 20, 2023 at 17:20:02 -0500, Jonathon Jongsma wrote:
> When running libvirt from the build directory with the 'run' script, it
> will run as unconfined_t. This can result in unexpected behavior when
> selinux is enforcing due to the fact that the selinux policies are
> written assuming that libvirt is running with the
> system_u:system_r:virtd_t context. This patch adds a new --selinux
> option to the run script. When this option is specified, it will launch
> the specified binary using the 'runcon' utility to set its selinux
> context to the one mentioned above. Since this may require root
> privileges, setting the selinux context is not the default behavior and
> must be enabled with the command line switch.
>
> Signed-off-by: Jonathon Jongsma <jjongsma at redhat.com>
> ---
> run.in | 100 +++++++++++++++++++++++++++++++++++++++++++++------------
> 1 file changed, 80 insertions(+), 20 deletions(-)

Please send this one separately again. The idea of doing this is cool,
but I don't really fancy reviewing what's happening in 'run.in' at this
point.
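
The opt-in behaviour described in the quoted commit message, sketched as an added example that is not part of this thread and is not libvirt's `run.in`: the command is prefixed with `runcon` only when the switch is given and the process is not already in the target domain. The function names and the sample context are assumptions made for illustration; only the target context comes from the commit message.

```python
import sys

# Target context as given in the quoted commit message.
TARGET_CONTEXT = "system_u:system_r:virtd_t"


def read_context(path="/proc/self/attr/current"):
    """Return this process's SELinux context, or None if it cannot be read."""
    try:
        with open(path, "rb") as f:
            raw = f.read()
    except OSError:  # e.g. SELinux disabled or /proc not mounted
        return None
    # The kernel may terminate the value with NUL and/or a newline.
    return raw.rstrip(b"\x00\n").decode("ascii", "replace") or None


def same_domain(current, target):
    """Compare user:role:type only, ignoring any MLS/MCS level suffix."""
    return current.split(":")[:3] == target.split(":")[:3]


def build_argv(argv, selinux=False, current=None, target=TARGET_CONTEXT):
    """Return argv, prefixed with runcon only when opted in and needed."""
    if not selinux:
        return list(argv)          # default: context is left untouched
    if current is None:
        raise RuntimeError("no SELinux context available; cannot use runcon")
    if same_domain(current, target):
        return list(argv)          # already in the target domain
    return ["runcon", target] + list(argv)


if __name__ == "__main__":
    # Constructed sample: the context of an unconfined interactive shell.
    sample = "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
    print(build_argv(sys.argv[1:] or ["virsh", "list"], True, sample))
```
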