martinpitt
commented
11 months ago Right, umockdev-record could put the context into the .umockdev file, and umockdev-run could set it. That has to happen via the API, so that will come first anyway.
Closed ikerexxe closed 11 months ago
martinpitt
commented
11 months ago Right, umockdev-record could put the context into the .umockdev file, and umockdev-run could set it. That has to happen via the API, so that will come first anyway.
ikerexxe
commented
11 months ago Then, I guess we'll need an API option to set the context, and then a way to "record" and "run" to the file.
martinpitt
commented
11 months ago Yes, that's what I'm working on now in the selinux branch. I'll let you review the PR once it is in a consumable shape. But I'm on a sprint this week, so won't finish today; but tomorrow there's a good chance I have something.
martinpitt
commented
11 months ago I pushed a first PR #222 for this. It may need a little polish, but it's ready for testing (including automatic COPR)
We'd like to be able to use umockdev as unprivileged users in a SELinux environment. Currently, the SELinux labels aren't set to the correct values for our application to access the files, thus making umockdev unusable in this context.
The request is to provide a way to set up the SELinux context, either by recording it in the umockdev recording, or by setting it via the API.