qm
qm copied to clipboard
containers
SELinux policy for QM + BlueChi
In the context of https://github.com/eclipse-bluechi/bluechi/issues/997, the support for Unix Domain Sockets in BlueChi has been enhanced. This also included the respective SELinux policy (see In https://github.com/eclipse-bluechi/bluechi/pull/1015). On a setup QM + BlueChi it makes sense to mount the UDS of BlueChi into QM and have the bluechi-agent inside connect to it. This, however, is currently rejected due to missing SELinux policy rules. In this thread https://github.com/eclipse-bluechi/bluechi/pull/1015#discussion_r1890044181 some approaches were briefly discussed on how to solve this. Since BlueChi might be used inside QM and BlueChi doesn't know anything about QM, I think it would make sense extend QMs SELinux policy.
