selinux: libvirt-selinux.patch

From: Daniel J Walsh <dwalsh_at_nospam>
Date: Fri May 14 2010 - 20:11:27 GMT
To: Stephen Smalley <sds@tycho.nsa.gov>, Paul Moore <paul.moore@hp.com>, SELinux <selinux@tycho.nsa.gov>, Berrange@redhat.com

This is my attempt at getting libvirt to work on an MLS machine.

This patch attempts to take the current context

libvirtcon = "system_u:system_r:virtd_t:SystemLow-SystemHigh"

Then the label of the virtual machine

svirtcon = "system_u:system_r:virtd_t:TopSecret"

Create a new context

newcon = "system_u:system_r:virtd_t:TopSecret"

Then call setsockcreatecon(newcon)

Could you guys check the SELinux parts of this and make sure it matches
your expectations.

The patch does not work, because I think something is wrong with
libvirt, it does not call qemuConnectMonitor?

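The context derivation described in the message, as an added example that is not part of the original post or of libvirt: it builds the string that would be passed to setsockcreatecon(). It assumes the user, role and type come from the current context and only the MLS field comes from the VM label; the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Return a pointer to the MLS/MCS field of an SELinux context
 * ("user:role:type:range"), or NULL if the context has fewer than four
 * fields. Only the first three colons are separators: the range itself
 * may contain colons, e.g. "s0-s15:c0.c1023". */
static const char *context_range(const char *con)
{
    const char *p = con;
    for (int i = 0; i < 3; i++) {
        p = strchr(p, ':');
        if (p == NULL)
            return NULL;
        p++;                      /* step past the separator */
    }
    return *p ? p : NULL;         /* an empty range is not valid either */
}

/* Write "user:role:type" of base plus the range of label into out.
 * Returns 0 on success, -1 on a malformed context or a short buffer. */
int build_sock_context(const char *base, const char *label,
                       char *out, size_t outlen)
{
    const char *base_range = context_range(base);
    const char *new_range = context_range(label);
    if (base_range == NULL || new_range == NULL)
        return -1;

    /* Length of "user:role:type:" including the trailing colon. */
    size_t prefix = (size_t)(base_range - base);
    int n = snprintf(out, outlen, "%.*s%s", (int)prefix, base, new_range);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                /* truncated: never use a partial context */
    return 0;
}

int main(void)
{
    /* The two contexts quoted in the message. */
    const char *libvirtcon = "system_u:system_r:virtd_t:SystemLow-SystemHigh";
    const char *svirtcon = "system_u:system_r:virtd_t:TopSecret";
    char newcon[256];

    if (build_sock_context(libvirtcon, svirtcon, newcon, sizeof newcon) != 0)
        return 1;
    /* newcon is the string the message would hand to setsockcreatecon(). */
    printf("%s\n", newcon);
    return 0;
}
```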