The SELinux modular policy contains a module with policies specific to libvirt (virt), but this module is not compiled into the SELinux base policy that is installed on Gentoo, nor is it available as an explicit policy.

In addition, the selinux-virt ebuild needs to create two files in /etc/selinux/{strict,targeted}/contexts: virtual_domain_context and virtual_image_context. These two files are system dependent and are thus not created when compiling the default system policy. However, libvirt is SELinux-aware and will error out if these files are not present.

Reproducible: Always
Created attachment 240987
ebuild for selinux-virt policy
This policy is now included in the testing build for 2.20101213 policy.