On 2/22/23 12:30, Stefano Brivio wrote:
>
> I don't think we need such a drastic measure. I think you can use:
>
> qemuPasstStart()
> {
>
>
> seclabel = virDomainDefGetSecurityLabelDef(vm->def, "selinux");
> s = context_new(seclabel->label);
> context_type_set(s, "virt_t");
> newLabel = context_str(s);
>
> virCommandSetSELinuxLabel(cmd, newLabel);
>
> virCommandRun();
> }
Yes, I actually tried something like this and it seemed to work, but I
didn't propose it as it looks (is) gross.
Agreed, it's not something I'd show to my kids, but it works.
On the other hand, if you think it's acceptable as a temporary measure,
let me test it (in a bit). Thanks for the snippet.
Forgot to mention, it should be wrapped in #ifdef WITH_SELINUX as we
offer users to compile without SELinux support (e.g. FreeBSD which does
support QEMU but doesn't have SELinux, what a surprise, right?).
Michal
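
The label rewrite that the quoted snippet performs with libselinux's context_new(), context_type_set() and context_str(), shown as an added, dependency-free example that is not code from this thread or from libvirt. The helper name `label_with_type` and the sample label are assumptions made for illustration; the point is that only the type field changes and the MCS range of the domain is carried over unchanged.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for context_new()/context_type_set()/context_str():
 * return a newly allocated copy of "user:role:type[:range]" with the type
 * replaced by new_type, or NULL if the label is malformed. The range is
 * copied verbatim, so MCS categories such as "s0:c1,c2" (which contain ':'
 * themselves) are preserved. Caller frees the result. */
char *label_with_type(const char *label, const char *new_type)
{
    if (!label || !new_type || !*new_type || strchr(new_type, ':'))
        return NULL;

    const char *role = strchr(label, ':');                   /* ':' after user */
    const char *type = role ? strchr(role + 1, ':') : NULL;  /* ':' after role */
    if (!type || role == label || type == role + 1)
        return NULL;                                /* missing or empty field */
    type++;                                         /* first char of the type */

    /* The type ends at the next ':' (start of the range) or at end of string. */
    const char *range = strchr(type, ':');
    size_t type_len = range ? (size_t)(range - type) : strlen(type);
    if (type_len == 0)
        return NULL;
    if (!range)
        range = type + type_len;                    /* no range: empty suffix */

    size_t prefix = (size_t)(type - label);         /* "user:role:" */
    size_t len = prefix + strlen(new_type) + strlen(range) + 1;
    char *out = malloc(len);
    if (!out)
        return NULL;
    snprintf(out, len, "%.*s%s%s", (int)prefix, label, new_type, range);
    return out;
}

int main(void)
{
    /* Constructed sample label, not taken from the thread. */
    const char *dom = "system_u:system_r:svirt_t:s0:c123,c456";
    char *child = label_with_type(dom, "virt_t");

    printf("domain: %s\nchild:  %s\n", dom, child ? child : "(malformed)");
    free(child);
    return 0;
}
```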