On 11/13/20 9:23 AM, Vasiliy Tolstov wrote:
But how about selinux? I'm run qemu-ga in guest and want to
modify the
authorized_keys file of some user? Do we need to extend the selinux
policy to allow modification of such files in all guests?
Yes we do. But since qemu-ga offers this under API it should be fairly
easy to argue that it should be allowed. It would be much harder to
advocate for selinux policy change using solely file APIs of qemu-ga.
Michal