On 13/08/09 10:31, Richard W.M. Jones wrote:
> Ok. We have a use case (/etc/mtab) which would be broken without
> this.
> I'd go ahead and add it.
>
> I'm inclined to try setcon to an ordered list of targets, stopping when
> one works. So far, I think we've got:
>
> 1. unconfined_u:unconfined_r:unconfined_t:s0
> 2. user_u:system_r:unconfined_t:s0
> 3. system_u:object_r:unconfined_t:s0
>
> sysadm_t was mentioned on our call yesterday as being the root login
> domain for an MLS policy. What's a good set for MLS?
I'm not even sure what "MLS" is.
Anyway, isn't there a way to get this from the /etc/selinux
configuration of the guest? For example on a Fedora 10 machine I see:
$ cat /etc/selinux/targeted/contexts/default_type
auditadm_r:auditadm_t
secadm_r:secadm_t
sysadm_r:sysadm_t
staff_r:staff_t
unconfined_r:unconfined_t
user_r:user_t
$ cat /etc/selinux/targeted/contexts/default_contexts
system_r:crond_t:s0 system_r:system_crond_t:s0
system_r:local_login_t:s0 user_r:user_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0
system_r:sshd_t:s0 user_r:user_t:s0
system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0
system_r:xdm_t:s0 user_r:user_t:s0
I just looked at the contents of these files for the minimum and mls
policies on F11, and they're all (nearly) identical. I'm not sure we can
use these to distinguish.
Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat Engineering, Virtualisation Team
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
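An added example, not code from this thread or from libguestfs: it parses the default_contexts format shown above, builds the ordered candidate list (guest-derived targets first, then the three hard-coded fallbacks Richard listed), and tries them in order, stopping at the first that works. The setcon callable is injected so the block runs without libselinux (on a real host it would be selinux.setcon from the Python bindings); FALLBACK_CONTEXTS, candidate_contexts and the sample file contents are my names and assumptions.

```python
from typing import Callable, Dict, Iterable, List, Optional

# Constructed sample in the format of /etc/selinux/<policy>/contexts/default_contexts:
# one source "role:type:level" followed by the target contexts it maps to.
DEFAULT_CONTEXTS_SAMPLE = """\
system_r:crond_t:s0 system_r:system_crond_t:s0
system_r:local_login_t:s0 user_r:user_t:s0
system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0
"""

# The ordered fallbacks proposed in the thread (tried after anything guest-derived).
FALLBACK_CONTEXTS = (
    "unconfined_u:unconfined_r:unconfined_t:s0",
    "user_u:system_r:unconfined_t:s0",
    "system_u:object_r:unconfined_t:s0",
)


def parse_default_contexts(text: str) -> Dict[str, List[str]]:
    """Map each source 'role:type:level' to its list of target contexts."""
    table: Dict[str, List[str]] = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        table[fields[0]] = fields[1:]
    return table


def candidate_contexts(user: str, source: str, table: Dict[str, List[str]],
                       fallbacks: Iterable[str] = FALLBACK_CONTEXTS) -> List[str]:
    """Guest-derived targets (prefixed with the SELinux user) first, then fallbacks, no duplicates."""
    ordered: List[str] = []
    for ctx in [f"{user}:{t}" for t in table.get(source, [])] + list(fallbacks):
        if ctx not in ordered:
            ordered.append(ctx)
    return ordered


def set_first_working_context(contexts: Iterable[str],
                              setcon: Callable[[str], Optional[int]]) -> Optional[str]:
    """Call setcon() on each context in order; return the first accepted one, or None.
    libselinux returns 0 on success; the Python bindings raise OSError on failure."""
    for ctx in contexts:
        try:
            if setcon(ctx) in (0, None):
                return ctx
        except OSError:
            continue  # policy refused this transition, try the next
    return None
```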