I have a CentOS 7 domain defined in libvirt. One device I have attached is a <filesystem> device, exporting /home on my host as a mount tag in the guest.

    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/home'/>
      <target dir='home'/>
    </filesystem>

When I start the guest, I mount the home mount tag:

    home /home 9p trans=virtio,version=9p2000.L 0 0

This works at a superficial level. The filesystem mounts and I can list the directories within. However, trying to list files deeper in the hierarchy fails with “permission denied” errors. My domain has <seclabel type='dynamic'> and is labeled with the svirt_t type. My guest is running SELinux in permissive mode. The mounted filesystem is typed as nfs_t (presumably because it is a remote volume). When I change the type of my home directory from nfs_t, I can list the contents from within the guest.
Can I force the guest to respect the labels on the volume as they exist on the host instead of getting every file labeled as type