The OSP16 'nova_libvirt' container that Red Hat ships has SELinux disabled. This is the container where the libvirt daemon (`libvirtd`) runs; which in turn means, all OSP-16 VMs will have _no_ sVirt protection.
Acknowledgments: Name: Lukas Bezdicka (Red Hat), Daniel Berrangé (Red Hat)
External References: https://bugs.launchpad.net/tripleo/+bug/1880947
Created openstack-tripleo-heat-templates tracking bugs for this issue: Affects: openstack-rdo [bug 1861403]
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Via RHSA-2020:3199 https://access.redhat.com/errata/RHSA-2020:3199
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10731
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.0 (Train) Via RHSA-2020:3406 https://access.redhat.com/errata/RHSA-2020:3406
This issue has been addressed in the following products: Red Hat OpenStack Platform 15.0 (Stein) Via RHSA-2020:3410 https://access.redhat.com/errata/RHSA-2020:3410