search for: migul

...afraid due to security concerns. Our plan (or at least this particular effort) is to try to relabel the tun-socket after created in the super-privileged container to be the same one as the one used in the unprivileged one, then it won't have an issue consuming it. btw the change I (or rather Migule's my teammate) made is in this PR, where I want to add a tap device in virt-handler (i.e. the super privileged container) to be further uses in virt-launcher (i.e. the non-privileged container): https://github.com/kubevirt/kubevirt/pull/3290 > > Regards, > Daniel > -- > |: http...

...ns. > Our plan (or at least this particular effort) is to try to relabel the > tun-socket after created in the super-privileged container to be the same > one as the one used in the unprivileged one, then it won't have an issue > consuming it. > > btw the change I (or rather Migule's my teammate) made is in this PR, where > I want to add a tap device in virt-handler (i.e. the super privileged > container) to be further uses in virt-launcher (i.e. the non-privileged > container): https://github.com/kubevirt/kubevirt/pull/3290 In normal host OS deployment, libvi...

Hello all, tl;dr, can you point me to the point in the libvirt repo where it's trying to change a tap-device's SELinux label? I am trying to create a tap device with libvirt on a super-privileged container, and then use it on another, unprivileged container with libvirt. User wise, I know I need the super-privileged container to open the tap device with the user of the unprivileged one -

...least this particular effort) is to try to relabel the > > tun-socket after created in the super-privileged container to be the same > > one as the one used in the unprivileged one, then it won't have an issue > > consuming it. > > > > btw the change I (or rather Migule's my teammate) made is in this PR, > where > > I want to add a tap device in virt-handler (i.e. the super privileged > > container) to be further uses in virt-launcher (i.e. the non-privileged > > container): https://github.com/kubevirt/kubevirt/pull/3290 > > In norm...