41 lines
1.3 KiB
Diff
41 lines
1.3 KiB
Diff
|
From 8c86f8bbc326ff1578989a03b3c98b06634f62c1 Mon Sep 17 00:00:00 2001
|
||
|
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||
|
|
Date: Thu, 22 Jul 2021 16:31:34 +0100
|
||
|
|
Subject: [PATCH 6/7] docs: Correct --selinux-label example
|
||
|
|
|
||
|
|
The actual label you should use for the internal socket is
|
||
|
|
system_u:object_r:svirt_socket_t:s0 (not svirt_t).
|
||
|
|
|
||
|
|
The filesystem label is different and was not documented before, so
|
||
|
|
this is added.
|
||
|
|
|
||
|
|
See also:
|
||
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1984938
|
||
|
|
|
||
|
|
(cherry picked from commit 835762d1c68e30f650032bc8d8280e6140d8e46f)
|
||
|
|
---
|
||
|
|
docs/nbdkit.pod | 6 ++++--
|
||
|
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/docs/nbdkit.pod b/docs/nbdkit.pod
|
||
|
|
index 68399eca..5b679895 100644
|
||
|
|
--- a/docs/nbdkit.pod
|
||
|
|
+++ b/docs/nbdkit.pod
|
||
|
|
@@ -377,9 +377,11 @@ socket.
|
||
|
|
|
||
|
|
The common — perhaps only — use of this option is to allow libvirt
|
||
|
|
guests which are using SELinux and sVirt confinement to access nbdkit
|
||
|
|
-Unix domain sockets:
|
||
|
|
+Unix domain sockets. The example below shows how to do this. Note
|
||
|
|
+that the socket and filesystem labels are different.
|
||
|
|
|
||
|
|
- nbdkit --selinux-label system_u:object_r:svirt_t:s0 ...
|
||
|
|
+ nbdkit -U /tmp/sock --selinux-label=system_u:object_r:svirt_socket_t:s0 ...
|
||
|
|
+ chcon system_u:object_r:svirt_image_t:s0 /tmp/sock
|
||
|
|
|
||
|
|
=item B<--swap>
|
||
|
|
|
||
|
|
--
|
||
|
|
2.32.0
|
||
|
|
|