Bug 2127409

Summary: libvirt: SELinux labels are not set on UNIX sockets
Product: Red Hat Enterprise Linux 9 Reporter: yafu <yafu>
Component: libvirtAssignee: Michal Privoznik <mprivozn>
libvirt sub component: General QA Contact: yafu <yafu>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: unspecified CC: cweather, david, dzheng, gveitmic, jdenemar, jsuchane, lmen, mprivozn, virt-maint, xuzhang, yafu
Version: 9.1Keywords: Triaged, Upstream
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-8.7.0-1.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2101575 Environment:
Last Closed: 2023-05-09 07:27:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version: 8.6.0
Embargoed:
Bug Depends On: 2101575    
Bug Blocks:    

Comment 4 Michal Privoznik 2022-09-19 08:35:41 UTC 
Merged upstream as:

commit 9f13f54a6348b54170f7de3595039c99b9da72c7
Author:     David Michael <david>
AuthorDate: Tue Jun 28 08:33:41 2022 -0400
Commit:     Michal Prívozník <mprivozn>
CommitDate: Fri Jul 1 14:51:19 2022 +0200

    security_selinux.c: Relabel existing mode="bind" UNIX sockets
    
    This supports sockets created by libvirt and passed by FD using the
    same method as in security_dac.c.
    
    Signed-off-by: David Michael <david>
    Signed-off-by: Michal Privoznik <mprivozn>
    Reviewed-by: Michal Privoznik <mprivozn>

v8.5.0-13-g9f13f54a63
Comment 5 yafu 2022-09-22 06:40:21 UTC 
Tested pass with libvirt-8.7.0-1.el9.x86_64.
Comment 8 yafu 2022-09-30 01:44:41 UTC 
Verified with libvirt-8.7.0-1.el9.x86_64.

Test steps are the same as https://bugzilla.redhat.com/show_bug.cgi?id=2101575#c17.
Comment 10 errata-xmlrpc 2023-05-09 07:27:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (libvirt bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2171