
On Thu, Jul 20, 2023 at 17:20:02 -0500, Jonathon Jongsma wrote:
When running libvirt from the build directory with the 'run' script, it will run as unconfined_t. This can result in unexpected behavior when selinux is enforcing due to the fact that the selinux policies are written assuming that libvirt is running with the system_u:system_r:virtd_t context. This patch adds a new --selinux option to the run script. When this option is specified, it will launch the specified binary using the 'runcon' utility to set its selinux context to the one mentioned above. Since this may require root privileges, setting the selinux context is not the default behavior and must be enabled with the command line switch.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
---
 run.in | 100 +++++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 80 insertions(+), 20 deletions(-)
Please send this one separately again. The idea of doing this is cool, but I don't really fancy reviewing what's happening in 'run.in' at this point.