Hello all,
tl;dr, can you point me to the point in the libvirt repo where it's trying to change a tap-device's SELinux label?
I am trying to create a tap device with libvirt on a super-privileged container, and then use it on another, unprivileged container with libvirt.
User-wise, I know I need the super-privileged container to open the tap device with the user of the unprivileged one - that I already did and it's not the issue.
But I have a problem when I open the tap device in the non-privileged container: the tap device currently has the spc_t label, since the tun_socket inherited the SELinux context from the super-privileged container that creates it. Then libvirt tries to change the SELinux labels, and since it's not privileged, it fails.
But I didn't find where and how libvirt is trying to change the tap device's label.
Can you point me to that specific code in libvirt?