On Thu, Jun 04, 2020 at 08:44:07PM +0200, Michal Privoznik wrote:
For the case where -fw_cfg uses a file, we need to set the seclabels on it to allow QEMU the access. While QEMU allows writing into the file (if specified on the command line), so far we are enabling reading only and thus we can use read only label (in case of SELinux).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/security/security_dac.c | 50 +++++++++++++++++++++++++++++++++ src/security/security_selinux.c | 50 +++++++++++++++++++++++++++++++++ src/security/virt-aa-helper.c | 12 ++++++++ 3 files changed, 112 insertions(+)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|