On Thu, 2020-03-05 at 14:57 +0000, Daniel P. Berrangé wrote:
On Thu, Mar 05, 2020 at 03:49:46PM +0100, Andrea Bolognani wrote:
I've spotted a few minor issues and I've fixed them, along with the ones that Erik had already pointed out, in the attached patch. Please squash it in before pushing.
There's no patch attached.
Oops :) I've actually attached it now.
I've enabled split-daemon mode on my laptop and it seems to work quite seamlessly; however, I had to put SELinux into Permissive mode because I was getting
audit[470365]: AVC avc: denied { search } for pid=470365 comm="virtlogd" name="470092" dev="proc" ino=1314622 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dir permissive=0
There is an RFE open with SELinux maintainers to apply labelling to the new daemons.
They all currently run unconfined_service_t.
We requested to make them use virtd_t to have parity with libvirtd policy.
That's great news! -- Andrea Bolognani / Red Hat / Virtualization