search for: spc_t

...ainer with libvirt. User wise, I know I need the super-privileged container to open the tap device with the user of the unprivileged one - that I already did and it's not the issue. But I have a problem when I open the tap device in the non-privileged container: the tap device currently has the spc_t label since the tun_socket inherited the selinux context from the super-privileged container who creates it. then libvirt is trying to change the SELinux labels, and since it's not privileged then it fails. But I didn't find where and how libvirt is trying to change the tap device's lab...

...the super-privileged container to open the tap > > device with the user of the unprivileged one - that I already did and > it's > > not the issue. > > But I have a problem when I open the tap device in the > > non-privileged container: the tap device currently has the spc_t label > > since the tun_socket inherited the selinux context from the > > super-privileged container who creates it. then libvirt is trying to > change > > the SELinux labels, and since it's not privileged then it fails. > > But I didn't find where and how libvirt...

...; > > > device with the user of the unprivileged one - that I already did and > > > it's > > > > not the issue. > > > > But I have a problem when I open the tap device in the > > > > non-privileged container: the tap device currently has the spc_t > label > > > > since the tun_socket inherited the selinux context from the > > > > super-privileged container who creates it. then libvirt is trying to > > > change > > > > the SELinux labels, and since it's not privileged then it fails. > &gt...

...User wise, I know I need the super-privileged container to open the tap > device with the user of the unprivileged one - that I already did and it's > not the issue. > But I have a problem when I open the tap device in the > non-privileged container: the tap device currently has the spc_t label > since the tun_socket inherited the selinux context from the > super-privileged container who creates it. then libvirt is trying to change > the SELinux labels, and since it's not privileged then it fails. > But I didn't find where and how libvirt is trying to change the...

...ainer to open the tap > > > device with the user of the unprivileged one - that I already did and > > it's > > > not the issue. > > > But I have a problem when I open the tap device in the > > > non-privileged container: the tap device currently has the spc_t label > > > since the tun_socket inherited the selinux context from the > > > super-privileged container who creates it. then libvirt is trying to > > change > > > the SELinux labels, and since it's not privileged then it fails. > > > But I didn't f...