[libvirt PATCH v6 35/36] run: add ability to set selinux context
Jonathon Jongsma
jjongsma at redhat.com
Wed Aug 23 20:18:30 UTC 2023
On 8/23/23 2:29 AM, Erik Skultety wrote:
> On Tue, Aug 22, 2023 at 03:24:03PM +0200, Peter Krempa wrote:
>> On Thu, Jul 20, 2023 at 17:20:02 -0500, Jonathon Jongsma wrote:
>>> When running libvirt from the build directory with the 'run' script, it
>>> will run as unconfined_t. This can result in unexpected behavior when
>>> selinux is enforcing due to the fact that the selinux policies are
>>> written assuming that libvirt is running with the
>>> system_u:system_r:virtd_t context. This patch adds a new --selinux
>>> option to the run script. When this option is specified, it will launch
>>> the specified binary using the 'runcon' utility to set its selinux
>>> context to the one mentioned above. Since this may require root
>>> privileges, setting the selinux context is not the default behavior and
>>> must be enabled with the command line switch.
>>>
>>> Signed-off-by: Jonathon Jongsma <jjongsma at redhat.com>
>>> ---
>>> run.in | 100 +++++++++++++++++++++++++++++++++++++++++++++------------
>>> 1 file changed, 80 insertions(+), 20 deletions(-)
>>
>> Please send this one separately again. The idea of doing this is cool,
>> but I don't really fancy reviewing what's happening in 'run.in' at this
>> point.
>>
>
> No need actually - this patch has already been posted as a v2 here [1] and
> ACKed by Martin Kletzander, but hasn't been pushed yet.
>
> [1] https://listman.redhat.com/archives/libvir-list/2023-June/240358.html
>
> Regards,
> Erik
>
Oops, I pushed this one now.
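
The wrapping the commit message describes (prefix the binary with 'runcon' only when --selinux is given), as an added example that is not the patch's or the run script's own code. The function names, the `current` parameter and the skip-if-already-in-domain check are assumptions made for illustration; only the context string comes from the commit message.

```python
# Added illustration: builds the argv a launcher would exec, nothing is run here.
# Context named in the commit message; it gives no MLS range, so none is set.
VIRTD_CONTEXT = "system_u:system_r:virtd_t"


def parse_context(ctx):
    """Split 'user:role:type[:range]' into fields, rejecting malformed input."""
    parts = ctx.split(":", 3)  # the range may itself contain ':' (categories)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"not an SELinux context: {ctx!r}")
    mls = parts[3] if len(parts) == 4 and parts[3] else None
    return parts[0], parts[1], parts[2], mls


def current_context(path="/proc/self/attr/current"):
    """Return this process's context, or None when it cannot be read."""
    try:
        with open(path) as f:
            return f.read().rstrip("\x00\n") or None
    except OSError:
        return None


def wrap_with_runcon(argv, selinux=False, context=VIRTD_CONTEXT, current=None):
    """Return argv unchanged, or prefixed with runcon when selinux is True."""
    if not selinux:
        return list(argv)  # default behaviour: no context change, no root needed
    user, role, setype, mls = parse_context(context)
    if current and current.split(":")[:3] == [user, role, setype]:
        return list(argv)  # already in the target domain, no transition needed
    cmd = ["runcon", "-u", user, "-r", role, "-t", setype]
    if mls:
        cmd += ["-l", mls]
    # '--' stops runcon's option parsing so the binary's own flags pass through
    return cmd + ["--"] + list(argv)


if __name__ == "__main__":
    # Constructed sample command line; the binary path is a placeholder.
    sample = ["./build/src/some-daemon", "--verbose"]
    print(wrap_with_runcon(sample, selinux=True, current=current_context()))
```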