search for: svirt_tcg_t

While svirt_t can be used for sockets it does not always guarantee that it will be accessible from a virtual machine. The VM might be running under svirt_tcg_t context which will need a svirt_tcg_t label on the socket in order to access it. There is, however, another label, svirt_socket_t, which is accessible from virt_domain: # sesearch -A -s svirt_t -c unix_stream_socket -p connectto ... allow virt_domain svirt_socket_t:unix_stream_socket { ......

On Mon, May 27, 2019 at 01:30:05PM +0200, Martin Kletzander wrote: > While svirt_t can be used for sockets it does not always guarantee that it will > be accessible from a virtual machine. The VM might be running under svirt_tcg_t > context which will need a svirt_tcg_t label on the socket in order to access it. I don't really know enough about SELinux or the sVirt policy to comment on this, but it's plausible so I'll push it soon, thanks. Rich. > There is, however, another label, svirt_socket_t, which i...

On Sat, Jun 03, 2017 at 05:20:47PM -0400, Michael C Cambria wrote: >I also tried stopping libvirtd, renaming both qemu-system-i386 and >qemu-system-x86_64, start libvirtd. Things get further along; dnsmasq >log messages show up. > >$ sudo systemctl status libvirtd.service >● libvirtd.service - Virtualization daemon > Loaded: loaded

...lags=a 2017-06-04 00:04:14.305+0000: 3379: debug : virSecuritySELinuxInitialize:561 : SELinuxInitialize QEMU 2017-06-04 00:04:14.307+0000: 3379: debug : virSecuritySELinuxQEMUInitialize:516 : Loaded domain context 'system_u:system_r:svirt_t:s0', alt domain context 'system_u:system_r:svirt_tcg_t:s0' 2017-06-04 00:04:14.307+0000: 3379: debug : virSecuritySELinuxQEMUInitialize:537 : Loaded file context 'system_u:object_r:svirt_image_t:s0', content context 'system_u:object_r:virt_content_t:s0' 2017-06-04 00:04:14.307+0000: 3379: debug : virSecurityManagerNewDriver:86 :...

...4 00:04:14.305+0000: 3379: debug : >virSecuritySELinuxInitialize:561 : SELinuxInitialize QEMU >2017-06-04 00:04:14.307+0000: 3379: debug : >virSecuritySELinuxQEMUInitialize:516 : Loaded domain context >'system_u:system_r:svirt_t:s0', alt domain context >'system_u:system_r:svirt_tcg_t:s0' >2017-06-04 00:04:14.307+0000: 3379: debug : >virSecuritySELinuxQEMUInitialize:537 : Loaded file context >'system_u:object_r:svirt_image_t:s0', content context >'system_u:object_r:virt_content_t:s0' >2017-06-04 00:04:14.307+0000: 3379: debug : >virSecurityM...

On Tue, Jul 14, 2020 at 6:03 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > On Tue, Jul 14, 2020 at 04:02:17PM +0300, Ram Lavi wrote: > > On Tue, Jul 14, 2020 at 3:33 PM Daniel P. Berrangé <berrange@redhat.com> > > wrote: > > > > > On Tue, Jul 14, 2020 at 03:21:17PM +0300, Ram Lavi wrote: > > > > Hello all, > > > > > >

...: debug : >> virSecuritySELinuxInitialize:561 : SELinuxInitialize QEMU >> 2017-06-04 00:04:14.307+0000: 3379: debug : >> virSecuritySELinuxQEMUInitialize:516 : Loaded domain context >> 'system_u:system_r:svirt_t:s0', alt domain context >> 'system_u:system_r:svirt_tcg_t:s0' >> 2017-06-04 00:04:14.307+0000: 3379: debug : >> virSecuritySELinuxQEMUInitialize:537 : Loaded file context >> 'system_u:object_r:svirt_image_t:s0', content context >> 'system_u:object_r:virt_content_t:s0' >> 2017-06-04 00:04:14.307+0000: 3379:...