Displaying 4 results from an estimated 4 matches for "migul".
Did you mean:
miguel
2020 Jul 14
2
Re: SELinux labels change in libvirt
...afraid due to security concerns.
Our plan (or at least this particular effort) is to try to relabel the
tun-socket after created in the super-privileged container to be the same
one as the one used in the unprivileged one, then it won't have an issue
consuming it.
btw the change I (or rather Migule's my teammate) made is in this PR, where
I want to add a tap device in virt-handler (i.e. the super privileged
container) to be further uses in virt-launcher (i.e. the non-privileged
container): https://github.com/kubevirt/kubevirt/pull/3290
>
> Regards,
> Daniel
> --
> |: http...
2020 Jul 14
0
Re: SELinux labels change in libvirt
...ns.
> Our plan (or at least this particular effort) is to try to relabel the
> tun-socket after created in the super-privileged container to be the same
> one as the one used in the unprivileged one, then it won't have an issue
> consuming it.
>
> btw the change I (or rather Migule's my teammate) made is in this PR, where
> I want to add a tap device in virt-handler (i.e. the super privileged
> container) to be further uses in virt-launcher (i.e. the non-privileged
> container): https://github.com/kubevirt/kubevirt/pull/3290
In normal host OS deployment, libvi...
2020 Jul 14
2
SELinux labels change in libvirt
Hello all,
tl;dr, can you point me to the point in the libvirt repo where it's trying
to change a tap-device's SELinux label?
I am trying to create a tap device with libvirt on a
super-privileged container, and then use it on another,
unprivileged container with libvirt.
User wise, I know I need the super-privileged container to open the tap
device with the user of the unprivileged one -
2020 Jul 16
1
Re: SELinux labels change in libvirt
...least this particular effort) is to try to relabel the
> > tun-socket after created in the super-privileged container to be the same
> > one as the one used in the unprivileged one, then it won't have an issue
> > consuming it.
> >
> > btw the change I (or rather Migule's my teammate) made is in this PR,
> where
> > I want to add a tap device in virt-handler (i.e. the super privileged
> > container) to be further uses in virt-launcher (i.e. the non-privileged
> > container): https://github.com/kubevirt/kubevirt/pull/3290
>
> In norm...