Hi Russell,
Le 27/12/16 à 13:20, Russell Coker a écrit :
The lxc_contents file is in selinux-policy-default and a quick check indicates that the policy might be ok. What do we have to do to test it? I can provide root on a test system to anyone who wants to help test this.
The initial bug, the fact that libvirt is not starting is fixed at two different level, libvirt now checks if the lxc_context file is present or not before doing any SELinux operations and it's also fixed now that the policy ships this file.
But I just tried now (with the refpolicy) and all the processes are running under "system_u:system_r:virtd_lxc_t:s0-s0:c0.c1023" (not sure it's the one expected here), so we might have an other problem here.
My test case is quite easy, I've debootstrapped a debian unstable (debootstrap sid /tmp/sid). Then in virt-manager, I've added a new "LXC" connection and then created a new "system" container. And then started that container.
