The cleanup in commit cf976d9d used secdef-label to label the tap
FDs, but that is not possible since it's process-only label (svirt_t)
and not a object label (e.g. svirt_image_t). Starting a domain failed
with EPERM, but simply using secdef-label instead fixes it.
Signed-off-by: Martin
On 09/01/2014 03:31 PM, Martin Kletzander wrote:
The cleanup in commit cf976d9d used secdef-label to label the tap
FDs, but that is not possible since it's process-only label (svirt_t)
and not a object label (e.g. svirt_image_t). Starting a domain failed
with EPERM, but simply using
