public inbox for passt-dev@passt.top
 help / color / mirror / code / Atom feed
From: Andrea Bolognani <abologna@redhat.com>
To: Stefano Brivio <sbrivio@redhat.com>
Cc: passt-dev@passt.top, Laine Stump <laine@redhat.com>,
	Laurent Vivier <lvivier@redhat.com>
Subject: Re: [PATCH] contrib/selinux: Enable mapping guest memory for libvirt guests
Date: Fri, 14 Feb 2025 05:30:44 -0800	[thread overview]
Message-ID: <CABJz62OnC+SOKRqjYvQCc_wTRBTxawtwgi5C7YtWr2Mjg_pmTg@mail.gmail.com> (raw)
In-Reply-To: <20250213221642.4085986-1-sbrivio@redhat.com>

On Thu, Feb 13, 2025 at 11:16:42PM +0100, Stefano Brivio wrote:
> This doesn't actually belong to passt's own policy: we should export
> an interface and libvirt's policy should use it, because passt's
> policy shouldn't be aware of svirt_image_t at all.
>
> However, libvirt doesn't maintain its own policy, which makes policy
> updates rather involved. Add this workaround to ensure --vhost-user
> is working in combination with libvirt, as it might take ages before
> we can get the proper rule in libvirt's policy.

Is the need to update libvirt's policy for these passt changes being
tracked anywhere? Because if not it will not take ages, it will
simply never happen. Especially if a workaround in passt's policy
effectively sweeps the issue under the rug.

-- 
Andrea Bolognani / Red Hat / Virtualization


  reply	other threads:[~2025-02-14 13:30 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-02-13 22:16 [PATCH] contrib/selinux: Enable mapping guest memory for libvirt guests Stefano Brivio
2025-02-14 13:30 ` Andrea Bolognani [this message]
2025-02-14 13:37   ` Stefano Brivio
2025-02-20 16:28     ` Stefano Brivio

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CABJz62OnC+SOKRqjYvQCc_wTRBTxawtwgi5C7YtWr2Mjg_pmTg@mail.gmail.com \
    --to=abologna@redhat.com \
    --cc=laine@redhat.com \
    --cc=lvivier@redhat.com \
    --cc=passt-dev@passt.top \
    --cc=sbrivio@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
Code repositories for project(s) associated with this public inbox

	https://passt.top/passt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).