[DSE-Dev] Bug#736909: where are we at with this?
Laurent Bigonville
bigon at debian.org
Tue Dec 27 20:49:47 UTC 2016
Hi Russell,
On 27/12/16 at 13:20, Russell Coker wrote:
> The lxc_contents file is in selinux-policy-default and a quick check indicates
> that the policy might be ok.
>
> What do we have to do to test it? I can provide root on a test system to
> anyone who wants to help test this.
>
The initial bug, the fact that libvirt is not starting, is fixed at two
different levels: libvirt now checks if the lxc_context file is present
or not before doing any SELinux operations, and it's also fixed now that
the policy ships this file.

But I just tried now (with the refpolicy) and all the processes are
running under "system_u:system_r:virtd_lxc_t:s0-s0:c0.c1023" (not sure
it's the one expected here), so we might have another problem here.

My test case is quite easy: I've debootstrapped a Debian unstable
(debootstrap sid /tmp/sid). Then in virt-manager, I've added a new "LXC"
connection and then created a new "system" container. And then started
that container.