On Sat, Mar 26, 2011 at 06:52:29AM -0600, Eric Blake wrote:
> This addresses the comments raised during v4:
> https://www.redhat.com/archives/libvir-list/2011-March/msg00421.html
> More comments in individual patches.
>
> It could still use a bit more testing with root-squash NFS, and I'm
> also hitting a problem where if I run daemon/libvirtd myself, I
> get a SELinux error:
>
> error: unable to set security context
> 'system_u:object_r:svirt_image_t:s0:c80,c237' on fd 23: Permission denied
>
> but if I run the system service libvirtd or SELinux permissive, things
> work. Somehow, the attempt to set the fd SELinux label on a pipe is
> not working when libvirt is started as an unconfined process (that is,
> the fd has label
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023) but when
> started as a daemon, SELinux is happy to allow the transition. I
> suspect that this is a bug in SELinux, since my understanding is that
> it should always be possible to go from unconfined to something more
> restrictive, but we already proved that SELinux fd labelling is
> relatively unused and untested back when we first added it in commit
> 34a19dda.
>
> If possible, I'd like to get this in before the 0.9.0 freeze, and we
> can fix any fallout from testing during the freeze week.
Okay, go ahead, 5 iterations is a lot already, and we will clean
things up as they go later. Reviewing giant patch series ain't fun
for anybody (wild guess on my part :-)), and reviewing the fixes
is preferable now.
ACK
Daniel
--
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine      http://rpmfind.net/
http://veillard.com/ | virtualization library         http://libvirt.org/
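The fd-labelling step Eric describes above, reproduced outside libvirt as an added example (not code from this thread or from libvirt): it prints the caller's own domain, creates a pipe, and attempts the same relabel on the write end through the raw `security.selinux` xattr that `fsetfilecon` wraps, classifying the errno so a policy denial (the EACCES in the report) can be told from a host without SELinux. It assumes Linux with `/proc/self/attr/current`; the target context is the one quoted in the message and should be replaced with a context valid in the local policy on other hosts.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/xattr.h>
/* Policy denial (the EACCES in the report) vs. a host where no LSM handles security.* xattrs */
enum label_result { LABEL_OK = 0, LABEL_DENIED = 1, LABEL_NO_SELINUX = 2, LABEL_OTHER = 3 };

/* Domain the caller runs in (unconfined_t when started by hand, the daemon
 * domain under the system service). 0 on success, -1 if unreadable. */
static int get_process_context(char *buf, size_t n)
{
    int fd = open("/proc/self/attr/current", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t r = read(fd, buf, n - 1);
    close(fd);
    if (r < 0) return -1;
    buf[r] = '\0';
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

/* Create a pipe, record the write end's current label, then try to relabel
 * it to ctx through the security.selinux xattr (what fsetfilecon wraps). */
static enum label_result try_label_pipe(const char *ctx, char *before, size_t n)
{
    int p[2];
    if (pipe(p) < 0) return LABEL_OTHER;
    ssize_t r = fgetxattr(p[1], "security.selinux", before, n - 1);
    if (r >= 0) before[r] = '\0';
    else snprintf(before, n, "(unreadable: %s)", strerror(errno));
    int rc = fsetxattr(p[1], "security.selinux", ctx, strlen(ctx) + 1, 0);
    int err = errno;
    close(p[0]);
    close(p[1]);
    if (rc == 0) return LABEL_OK;
    if (err == EACCES) return LABEL_DENIED;                       /* policy refused the relabel */
    if (err == ENOTSUP || err == ENOSYS) return LABEL_NO_SELINUX; /* no SELinux on this host */
    return LABEL_OTHER; /* e.g. EINVAL: ctx unknown to the loaded policy; EPERM: no privilege */
}

int main(void)
{
    const char *target = "system_u:object_r:svirt_image_t:s0:c80,c237"; /* context from the report */
    char proc[256], before[256];
    if (get_process_context(proc, sizeof proc) < 0) strcpy(proc, "(no /proc/self/attr/current)");
    enum label_result res = try_label_pipe(target, before, sizeof before);
    printf("process: %s\nfd label before: %s\nrelabel result: %d\n", proc, before, res);
    return res == LABEL_OK ? 0 : 1;
}
```

Run it once from an interactive (unconfined) shell and once under the service's domain to compare the two outcomes the report contrasts.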