Re: [libvirt PATCH] docs: add page describing the libvirt daemons

On Thu, Mar 05, 2020 at 03:49:46PM +0100, Andrea Bolognani wrote: > I've spotted a few minor issues and I've fixed them, along with the > ones that Erik had already pointed out, in the attached patch. Please > squash it in before pushing. There's no patch attached.

> I've enabled split-daemon mode on my laptop and it seems to work > quite seamlessly; however, I had to put SELinux into Permissive mode > because I was getting > > audit[470365]: AVC avc: denied { search } for > pid=470365 comm="virtlogd" name="470092" dev="proc" ino=1314622 > scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:unconfined_service_t:s0 > tclass=dir permissive=0 There is an RFE open with SELinux maintainers to apply labelling to the new daemons. They all currently run unconfined_service_t. We requested to make them use virtd_t to have parity with libvirtd policy.