On 3/6/23 6:28 PM, Stefano Brivio wrote:This series addresses a number of issues or inconveniences shown by further testing against libvirt, essentially a 9.1.0 version patched up to fix the current breakage by starting passt in the "passt_t" domain. Stefano Brivio (4): contrib/selinux: Drop duplicate init_daemon_domain() rule contrib/selinux: Let passt write to stdout and stderr when it starts contrib/selinux: Allow binding and connecting to all UDP and TCP ports contrib/selinux: Let interface users set paths for log, PID, socket files contrib/selinux/passt.if | 26 +++++++++++++++++++++++++- contrib/selinux/passt.te | 29 ++++++++++++++++------------- 2 files changed, 41 insertions(+), 14 deletions(-)Tested-by: Laine Stump <laine(a)redhat.com> Reviewed-by: Laine Stump <laine(a)redhat.com> (for what it's worth) I was going to send this along with a link to my latest libvirt patches that properly set the selinux context for passt when it is run, but am having trouble with my sendmail setup so I haven't yet been able to post them :-/