[libvirt PATCH 0/4] qemu/security: start passt process with correct SELinux label

Andrea Bolognani abologna at redhat.com
Fri Mar 10 14:39:20 UTC 2023


On Fri, Mar 10, 2023 at 12:58:46PM +0100, Michal Prívozník wrote:
> On 3/9/23 05:49, Laine Stump wrote:
> > Laine Stump (4):
> >   util: add an API to retrieve the resolved path to a virCommand's
> >     binary
> >   security: make args to virSecuritySELinuxContextAddRange() const
> >   security: make it possible to set SELinux label of child process from
> >     its binary
> >   qemu: set SELinux label of passt process to its own binary's label
> >
> >  src/libvirt_private.syms         |  1 +
> >  src/qemu/qemu_dbus.c             |  2 +-
> >  src/qemu/qemu_passt.c            |  2 +-
> >  src/qemu/qemu_process.c          |  2 +-
> >  src/qemu/qemu_security.c         |  5 ++-
> >  src/qemu/qemu_security.h         |  1 +
> >  src/qemu/qemu_slirp.c            |  2 +-
> >  src/qemu/qemu_tpm.c              |  3 +-
> >  src/qemu/qemu_vhost_user_gpu.c   |  2 +-
> >  src/security/security_apparmor.c |  1 +
> >  src/security/security_dac.c      |  1 +
> >  src/security/security_driver.h   |  1 +
> >  src/security/security_manager.c  |  8 +++-
> >  src/security/security_manager.h  |  1 +
> >  src/security/security_nop.c      |  1 +
> >  src/security/security_selinux.c  | 77 ++++++++++++++++++++++++++++++--
> >  src/security/security_stack.c    |  5 ++-
> >  src/util/vircommand.c            | 51 ++++++++++++++++-----
> >  src/util/vircommand.h            |  1 +
> >  19 files changed, 143 insertions(+), 24 deletions(-)

Reviewed-by: Andrea Bolognani <abologna at redhat.com>

> Does this mean we should lift the temporary limitation documented in
> NEWS.rst?

Yes, we should definitely include that information in the release
notes. And since I've just pushed the patch that addresses the same
limitation for AppArmor, we can mention both in the same entry.

-- 
Andrea Bolognani / Red Hat / Virtualization


