From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=bhFOZlec;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by passt.top (Postfix) with ESMTPS id 2FDD35A0638
	for <passt-dev@passt.top>; Fri, 14 Feb 2025 14:30:50 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1739539849;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=RvewrBMgGYwPVXFsf1Ukvn8zrNPpuJLYtp1C4xJJ7IE=;
	b=bhFOZlecYcjEnt4B5JHdFujuHqyiWGHoVvf/bFwkCufuWjvTIKa2ufrtRhwuUwctd33+6F
	xeoA+gb2AUbsyv6jRMjeDvoSO24+tWllV7e+Bwatlelx54uMCKrLbMDY0aSkCEwIWCGFI4
	s774+v3Dhn0onHWLipkGsGXxQhu0S9c=
Received: from mail-qt1-f199.google.com (mail-qt1-f199.google.com
 [209.85.160.199]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-688-iylrh4VhMn-SpPhWIMl8Dw-1; Fri, 14 Feb 2025 08:30:47 -0500
X-MC-Unique: iylrh4VhMn-SpPhWIMl8Dw-1
X-Mimecast-MFC-AGG-ID: iylrh4VhMn-SpPhWIMl8Dw_1739539847
Received: by mail-qt1-f199.google.com with SMTP id d75a77b69052e-471c9a003d7so26719221cf.3
        for <passt-dev@passt.top>; Fri, 14 Feb 2025 05:30:47 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1739539847; x=1740144647;
        h=cc:to:subject:message-id:date:in-reply-to:mime-version:references
         :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=RvewrBMgGYwPVXFsf1Ukvn8zrNPpuJLYtp1C4xJJ7IE=;
        b=MNhftFG+mU5o4D8qZrlT/QTmtG9nAlnb5kIeaB6/v0WkF+bG6JzLQfw/2d8nzmLoEy
         rYgFlDCUze2/6oJef5qu9ybfSs1CHiLv/pHyfRklO/DI5QzCpxSFJTS0sOf8k2fsjQbJ
         HMdI32CEwPswBe+cO+LfOLLyci5laLSEx2SXc+aLJYzVsWcAyhWKTRZP4hcXypOTFylt
         HIciLLLvFYQGD/xLgrtwTW3F9eCopEgxSdKhhYrsQkBYBpJcJS7k4i8nTWGguGzD5KZO
         f25wcHtmxrU8cJC22hScB4BwO5iNTq8jpFlEOqhMYKX6dw1aK/RjoY7Eabl+W9wNwWPU
         yuFw==
X-Gm-Message-State: AOJu0Yy1KQyAMZuO5HjcggLoCk/8qyR7463NSpf+86J53GRdscbXDtIh
	9CpgWz4vCBExKQZR4FVMAuOMKD+o2W31PhyUjD3ErbzfIijBqthb8Es7RDqMqNV+to0wBRl1iF7
	+EbWCDv1vMfuaHy8K83mG/6b/yBV7grH5MfjwBd8A/nLdpZUVM3DaAcKHkShRGBuVnaVZ11vIg1
	8Lf2Dk3ilg6+Te5rfnhDk35n3M
X-Gm-Gg: ASbGncs1uP2ix/cfWu7Nhp6Mr2mmTRLirQTfj1bdXCRr1GTprKWm1oGojG9jxVlmrdH
	WfYKwyiUMszQtyE9+qnxs7FmjUvx8FbnU4LUcJBdJPk/Hbg3dJGN8yuBJw3CAhw==
X-Received: by 2002:a05:622a:104:b0:471:d49d:bec7 with SMTP id d75a77b69052e-471d49dc0e5mr17720721cf.4.1739539846994;
        Fri, 14 Feb 2025 05:30:46 -0800 (PST)
X-Google-Smtp-Source: AGHT+IEZua7sFqKIxPAfRStMB5z0eYXYPassiD73RaVPTXaEECTd1xIFHp+QS8VfQkAg+oEEgHuYugWVdUjNz6w3oIw=
X-Received: by 2002:a05:622a:104:b0:471:d49d:bec7 with SMTP id
 d75a77b69052e-471d49dc0e5mr17720431cf.4.1739539846732; Fri, 14 Feb 2025
 05:30:46 -0800 (PST)
Received: from 744723338238 named unknown by gmailapi.google.com with
 HTTPREST; Fri, 14 Feb 2025 05:30:45 -0800
Received: from 744723338238 named unknown by gmailapi.google.com with
 HTTPREST; Fri, 14 Feb 2025 05:30:44 -0800
From: Andrea Bolognani <abologna@redhat.com>
References: <20250213221642.4085986-1-sbrivio@redhat.com>
MIME-Version: 1.0
In-Reply-To: <20250213221642.4085986-1-sbrivio@redhat.com>
Date: Fri, 14 Feb 2025 05:30:44 -0800
X-Gm-Features: AWEUYZl67sFhbs6E2ByqvTq0j5q8g_4bIyaHS2H1rlnDewXK2tWmhQczfUBgeTo
Message-ID: <CABJz62OnC+SOKRqjYvQCc_wTRBTxawtwgi5C7YtWr2Mjg_pmTg@mail.gmail.com>
Subject: Re: [PATCH] contrib/selinux: Enable mapping guest memory for libvirt guests
To: Stefano Brivio <sbrivio@redhat.com>
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: n0DbANdcyzbzWYwZkbMoCuzydZXWOLF45CxHqUYsARE_1739539847
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="UTF-8"
Message-ID-Hash: L2PYS5W27CTIZKKL7MH723QEEI2Z3ADN
X-Message-ID-Hash: L2PYS5W27CTIZKKL7MH723QEEI2Z3ADN
X-MailFrom: abologna@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, Laine Stump <laine@redhat.com>, Laurent Vivier <lvivier@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/CABJz62OnC+SOKRqjYvQCc_wTRBTxawtwgi5C7YtWr2Mjg_pmTg@mail.gmail.com/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/L2PYS5W27CTIZKKL7MH723QEEI2Z3ADN/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

On Thu, Feb 13, 2025 at 11:16:42PM +0100, Stefano Brivio wrote:
> This doesn't actually belong to passt's own policy: we should export
> an interface and libvirt's policy should use it, because passt's
> policy shouldn't be aware of svirt_image_t at all.
>
> However, libvirt doesn't maintain its own policy, which makes policy
> updates rather involved. Add this workaround to ensure --vhost-user
> is working in combination with libvirt, as it might take ages before
> we can get the proper rule in libvirt's policy.

Is the need to update libvirt's policy for these passt changes being
tracked anywhere? Because if not it will not take ages, it will
simply never happen. Especially if a workaround in passt's policy
effectively sweeps the issue under the rug.

-- 
Andrea Bolognani / Red Hat / Virtualization