On Thu, Feb 13, 2025 at 11:16:42PM +0100, Stefano Brivio wrote:This doesn't actually belong to passt's own policy: we should export an interface and libvirt's policy should use it, because passt's policy shouldn't be aware of svirt_image_t at all. However, libvirt doesn't maintain its own policy, which makes policy updates rather involved. Add this workaround to ensure --vhost-user is working in combination with libvirt, as it might take ages before we can get the proper rule in libvirt's policy.Is the need to update libvirt's policy for these passt changes being tracked anywhere? Because if not it will not take ages, it will simply never happen. Especially if a workaround in passt's policy effectively sweeps the issue under the rug. -- Andrea Bolognani / Red Hat / Virtualization