On Thu, Jul 22, 2021 at 05:32:40PM +0100, Richard W.M. Jones wrote:
> Under SELinux, Unix domain sockets have two labels. One is on the
> disk and can be set with commands such as chcon(1). There is a
> different label stored in memory (called the process label). This can
> only be set by the
Under SELinux, Unix domain sockets have two labels. One is on the
disk and can be set with commands such as chcon(1). There is a
different label stored in memory (called the process label). This can
only be set by the process creating the socket. When using SELinux +
SVirt and wanting qemu to
https://bugzilla.redhat.com/show_bug.cgi?id=1984938
The purpose of the patch is explained in the commit message / bug. In
the cover I want to explain a couple of design choices.
If libselinux isn't available at build time then the --selinux-label
option is still present. It does not appear in
