On Tue, Nov 16, 2021 at 08:06:03AM +0100, Thomas Huth wrote:
> On 15/11/2021 21.29, Eric Blake wrote:
> > From: "Richard W.M. Jones" <rjo...@redhat.com>
> >
> > Under SELinux, Unix domain sockets have two labels. One is on the
> > disk and can be set with commands such as chcon(1). There is a
> > different label stored in memory (called the process label). This can
> > only be set by the process creating the socket. When using SELinux +
> > SVirt and wanting qemu to be able to connect to a qemu-nbd instance,
> > you must set both labels correctly first.
> >
> > For qemu-nbd the options to set the second label are awkward. You can
> > create the socket in a wrapper program and then exec into qemu-nbd.
> > Or you could try something with LD_PRELOAD.
> >
> > This commit adds the ability to set the label straightforwardly on the
> > command line, via the new --selinux-label flag. (The name of the flag
> > is the same as the equivalent nbdkit option.)
> ...
> > @@ -3430,6 +3437,7 @@ summary_info += {'libdaxctl support': libdaxctl}
> > summary_info += {'libudev': libudev}
> > # Dummy dependency, keep .found()
> > summary_info += {'FUSE lseek': fuse_lseek.found()}
> > +summary_info += {'selinux': selinux.found()}
>
> It's nicer if you do it like this (i.e. without the .found()):
>
> summary_info += {'selinux': selinux}
>
> ... then meson prints out the version of the library, too.
Will tweak on the pull request.
>
> Apart from that, patch looks fine to me:
>
> Reviewed-by: Thomas Huth <th...@redhat.com>
>
Thanks. I'll send a pull request through my NBD tree soon.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
