Date: Fri, 14 Feb 2025 14:37:05 +0100
From: Stefano Brivio
To: Andrea Bolognani
CC: passt-dev@passt.top, Laine Stump, Laurent Vivier
Subject: Re: [PATCH] contrib/selinux: Enable mapping guest memory for libvirt guests
Message-ID: <20250214143705.0ca05b19@elisabeth>
References: <20250213221642.4085986-1-sbrivio@redhat.com>
Organization: Red Hat
List-Id: Development discussion and patches for passt

On Fri, 14 Feb 2025 05:30:44 -0800
Andrea Bolognani wrote:

> On Thu, Feb 13, 2025 at 11:16:42PM +0100, Stefano Brivio wrote:
> > This doesn't actually belong to passt's own policy: we should export
> > an interface and libvirt's policy should use it, because passt's
> > policy shouldn't be aware of svirt_image_t at all.
> >
> > However, libvirt doesn't maintain its own policy, which makes policy
> > updates rather involved. Add this workaround to ensure --vhost-user
> > is working in combination with libvirt, as it might take ages before
> > we can get the proper rule in libvirt's policy.
>
> Is the need to update libvirt's policy for these passt changes being
> tracked anywhere?

No. :)

> Because if not it will not take ages, it will simply never happen.

It will happen. :)

> Especially if a workaround in passt's policy effectively sweeps the
> issue under the rug.

I'll take up the rug next week. :)

-- 
Stefano