On Fri, Aug 06, 2021 at 06:47:57PM +0100, Daniel P. Berrangé wrote:
> This is an extension of
>
> https://listman.redhat.com/archives/libvir-list/2021-July/msg00167.html
>
> The original patches from that series are unchanged apart from the
> commit message, and tweak to the min fedora version in the RPM.
>
> I then include various refactors/cleanups.
>
> On Fedora 34 I notice the following:
>
> ../src/security/selinux/virt.te:579: Warning: fs_rw_anon_inodefs_files(virtd_t) has been deprecated. All calls can be safely removed.
> ../src/security/selinux/virt.te:580: Warning: fs_list_inotifyfs(virtd_t) has been deprecated. All calls can be safely removed.
> ../src/security/selinux/virt.te:985: Warning: fs_rw_anon_inodefs_files(virt_domain) has been deprecated. All calls can be safely removed.
> ../src/security/selinux/virt.te:1520: Warning: fs_list_inotifyfs(svirt_sandbox_domain) has been deprecated. All calls can be safely removed.
>
> assuming those warnings are correct, we can delete a few things
> from the policy, but that's not done here.
>
> Daniel P. Berrangé (10):
> selinux: remove redundant use of 'set_variable' function
> selinux: move selinux policy build helper to scripts directory
> selinux: don't hardcode paths to selinux tools
> selinux: don't hardcode policy include files directory
> rpm: move logic for setting selinux policy variables
> rpm: rename selinux variables to improve clarity
> selinux: introduce meson option for selinux policy install
> selinux: remove duplicate sources list for policy
> scripts: use variables for cli args in selinux helper
> scripts: factor repeated path joins from selinux helper
>
> Nikola Knazekova (1):
> security: add SELinux policy for virt
>
> Vit Mojzis (2):
> selinux: introduce build, install, packaging for selinux policy
> Install selinux-policy-devel in test environment
Overall looks reasonable, there are some small issues and we should
clarify where the policy comes from and add the missing system.token
bits.
Pavel