[libvirt] same issue on selinux Re: [PATCH 1/2] apparmor: Allow access to filesystem mounts
Hi,
Thanks for merging the apparmor handle 9pfs patch!
On 2014 03 10 00:03, Felix Geyer wrote:>
On 28.02.2014 21:36, Serge Hallyn wrote:
> a separate patch was posted to a new launchpad bug which does a
> bit more sanity checking on the values passed in, so I went
> ahead and merged the two. I did however notice that there is
> no Signed-off-by for Felix. Felix, are you ok with this new
> version?
Yes, your merged patch looks fine except it still uses // instead of /* ... */
for the comment.
I have fixed that so hopefully this patch can be committed now.
Felix Geyer (1):
virt-aa-helper: handle 9pfs
src/security/virt-aa-helper.c | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
I also have an issue related that selinux don't allow filesystem mounts.
There is a work around for it.
When a host directory to be shared is `/share` ,
running following command on host makes things working.
```bash
sudo semanage fcontext -a -t virt_content_t "/share(/.*)?"
sudo restorecon -R /share
```
IMO it is neccesary to fix
/* XXX fixme process def->fss if relabel == true */
part of src/security/security_selinux.c
Hiroshi
--
Hiroshi Miura
OpenStreetMap Foundation Japan