[libvirt] same issue on selinux Re: [PATCH 1/2] apparmor: Allow access to filesystem mounts
Hiroshi Miura
miurahr at linux.com
Fri Mar 21 06:44:37 UTC 2014
Hi,
Thanks for merging the apparmor handle 9pfs patch!
On 2014 03 10 00:03, Felix Geyer wrote:
> On 28.02.2014 21:36, Serge Hallyn wrote:
>> a separate patch was posted to a new launchpad bug which does a
>> bit more sanity checking on the values passed in, so I went
>> ahead and merged the two. I did however notice that there is
>> no Signed-off-by for Felix. Felix, are you ok with this new
>> version?
>
> Yes, your merged patch looks fine except it still uses // instead of /* ... */
> for the comment.
>
> I have fixed that so hopefully this patch can be committed now.
>
> Felix Geyer (1):
> virt-aa-helper: handle 9pfs
>
> src/security/virt-aa-helper.c | 32 ++++++++++++++++++++++++++------
> 1 file changed, 26 insertions(+), 6 deletions(-)
>
I also have a related issue: SELinux doesn't allow filesystem mounts.
There is a workaround for it.
When the host directory to be shared is `/share`,
running the following commands on the host makes things work.
```bash
sudo semanage fcontext -a -t virt_content_t "/share(/.*)?"
sudo restorecon -R /share
```
IMO it is necessary to fix the
/* XXX fixme process def->fss if relabel == true */
part of src/security/security_selinux.c
Hiroshi
--
Hiroshi Miura
OpenStreetMap Foundation Japan