
On Thu, Jun 3 2021 at 08:56:46 PM -0400, Link Dupont <link@sub-pop.net> wrote:
reproducible scenarios
Alright. I reran my tests with a CentOS 8 guest. On CentOS 8 (with a virtiofs filesystem and with xattr on), the type of files in the mounted hierarchy is unlabeled_t. I can work around that by switching SELinux in the guest to permissive or disabled. With a CentOS 7 guest, things get less usable. I digested this to a reproducible scenario.

Build a disk image with `virt-builder`, configuring the CentOS Plus kernel to get 9p support.

    virt-builder centos-7.8 \
      --root-password password:centos \
      --output centos-7.8.qcow2 \
      --install yum-utils \
      --run-command 'yum-config-manager --enable centosplus' \
      --run-command 'sed -ie "s/DEFAULTKERNEL=kernel/DEFAULTKERNEL=kernel-plus/" /etc/sysconfig/kernel' \
      --append-line '/etc/dracut.conf.d/virtio.conf:add_drivers+="virtio_scsi virtio_pci virtio_console"' \
      --append-line '/etc/modules-load.d/9pnet_virtio.conf:9pnet_virtio' \
      --install kernel-plus \
      --append-line '/etc/fstab:home /home 9p trans=virtio,version=9p2000.L 0 0'

Install the volume into the `default` pool.

    sudo install -m644 centos-7.8.qcow2 /var/lib/libvirt/images

Next, define a domain using the disk image (using `virt-install` here for "easy mode").

    virt-install \
      --import \
      --os-variant centos7.0 \
      --name centos \
      --ram 2048 \
      --disk path=/var/lib/libvirt/images/centos-7.8.qcow2 \
      --memorybacking access.mode=shared \
      --filesystem source=/home,target=home,accessmode=passthrough \
      --autoconsole none

Now with SELinux enforcing, I cannot list the contents of the directories in the mounted hierarchy.

    [root@localhost ~]# ls -lZ /home/link
    ls: cannot open directory /home/link: Permission denied
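A guest-side check to go with the scenario above, added here as an example and not part of the thread or of any project's tooling. It separates the two things a practitioner wants to know when a shared mount returns "Permission denied" under SELinux: what context the mount actually carries (as `stat -c %C` reports it) and what mode SELinux is in. The helper names (`selinux_type`, `mount_fstype`, `diagnose`, `live_check`) and the sample strings in the comments are constructed for this example; the live part only runs inside a guest that has `getenforce` and the mount.

```shell
#!/bin/sh
# Added diagnostic for the 9p/virtiofs + SELinux scenario above.
# Example code, not from the thread; helper names are invented here.

# Type field of a context such as system_u:object_r:unlabeled_t:s0
# (constructed sample). Prints an empty string for "?" or garbage.
selinux_type() {
    printf '%s\n' "$1" | awk -F: '{ print $3 }'
}

# Filesystem type from a /proc/mounts line, e.g. the constructed sample
# "home /home 9p rw,relatime,trans=virtio,version=9p2000.L 0 0".
mount_fstype() {
    printf '%s\n' "$1" | awk '{ print $3 }'
}

# diagnose MODE FSTYPE CONTEXT -> one-line verdict.
# MODE is getenforce output (Enforcing|Permissive|Disabled), FSTYPE the
# mount's filesystem type, CONTEXT what stat -c %C reports for the path.
diagnose() {
    mode=$1
    fstype=$2
    ctype=$(selinux_type "$3")
    if [ -z "$ctype" ]; then
        echo "unknown: no SELinux context reported for $fstype mount"
    elif [ "$ctype" = unlabeled_t ] && [ "$mode" = Enforcing ]; then
        echo "denied: $fstype mount carries unlabeled_t and SELinux is Enforcing"
    elif [ "$ctype" = unlabeled_t ]; then
        echo "allowed: $fstype mount carries unlabeled_t but SELinux is $mode"
    else
        echo "allowed: $fstype mount carries $ctype, normal policy applies"
    fi
}

# live_check [MOUNTPOINT]: run inside the guest; skips cleanly elsewhere.
live_check() {
    mnt=${1:-/home}
    command -v getenforce >/dev/null 2>&1 || { echo "no getenforce; skipping live check"; return 0; }
    [ -d "$mnt" ] || { echo "$mnt not present; skipping live check"; return 0; }
    line=$(grep " $mnt " /proc/mounts | head -n 1)
    [ -n "$line" ] || { echo "$mnt is not a mount point; skipping live check"; return 0; }
    diagnose "$(getenforce)" "$(mount_fstype "$line")" "$(stat -c %C "$mnt")"
}

live_check /home
```

Run it as root in the guest after the mount is up; a "denied" verdict with `unlabeled_t` means the guest never saw a usable `security.selinux` label on the share, so the fix is on the labeling side (how the share is exported, or the mount's SELinux options) rather than in the guest's mode.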