Hello! I'm trying to use SELinux in enforcing mode ON THE HOST while using passt for networking. I'm using Debian sid, KVM, and QEMU on the SYSTEM bus (I could not make any progress using the session bus).
What I'm running into is that `apt update` in the guest does not connect (it just sits there at "connecting to deb.debian.org") for a long time. curl-ing either v4 or v6 addresses fails in the same way in the guest. With `setenforce 0` (on the host, obviously), everything works fine. With `setenforce 0` I can just Ctrl-C the connection attempt on the guest, retry, and it will work. Similarly, `setenforce 1` immediately breaks any subsequent connection attempts.
The problem is that `audit2why -al` is EMPTY. I'll emphasize that I've needed to iterate running audit2allow multiple times to get to this point. If someone wants to see the module source that I've managed to create up to this point, I can send it.
What I really need to know is: is there a way to somehow silence audit2why entries? Can I disable that? And, is there anywhere else I can find any denials?
Best,
Antonio