In src/security/security_selinux.c, virSecuritySELinuxMCSFind(), We can see that the program randomly gets two numbers. But if c1 == c2, the program will generate a single category context like s0:cXXX,
But if we have got machine with context like "s0:cXXX,cYYY" ,It will be able to read the image of machine with "s0:cXXX". This should be avoided.
Fix is in 7.5.0, please bump.
The bug has been referenced in the following commit(s):
Author: Jonathan Davies <email@example.com>
AuthorDate: 2021-07-07 19:05:44 +0000
Commit: Joonas Niilola <firstname.lastname@example.org>
CommitDate: 2021-07-14 17:56:31 +0000
app-emulation/libvirt: Version updated to 7.5.0, with changes:
* Use meson_feature for apparmor_profiles.
* Updated minimum Xen version to 4.9.0.
Signed-off-by: Jonathan Davies <email@example.com>
Signed-off-by: Joonas Niilola <firstname.lastname@example.org>
app-emulation/libvirt/Manifest | 2 +
app-emulation/libvirt/libvirt-7.5.0.ebuild | 327 +++++++++++++++++++++++++++++
2 files changed, 329 insertions(+)
https://github.com/SELinuxProject/refpolicy/pull/395 needs to be merged into our policy packages before we stabilize this... or everything is going to break for users enforcing selinux.
Unable to check for sanity:
> no match for package: app-emulation/libvirt-7.5.0
Since there's no ebuild for <libvirt-7.5.0 anymore can this be closed?
(In reply to Michal Privoznik from comment #4)
> Since there's no ebuild for <libvirt-7.5.0 anymore can this be closed?