[15:11] <blackboxsw_> rharper: so I ran across SELinux issues with cloud-init-hotplugd.socket being able to create a FIFO queue. I filed the bug for discussion as we iterate on getting hotplug fully functional.   https://bugs.launchpad.net/cloud-init/+bug/1936229  I was wondering if we should pursue trying to actually establish an selinux policy for this and get that upstream..... Figured I'd pick your brain on this.
[15:11] <blackboxsw_> I'll be talkng with the other half of the server team today to see what their thoughts are too
[15:13] <blackboxsw_> smoser too if interested ^.... I wanted to capture the bug because either way, I wasn't certain I wanted to tackle that part of the hotplug support in this PR because it's already getting big. I was thinking we'd be able to followup with something a bit more reviewable as an additional PR after https://github.com/canonical/cloud-init/pull/936
[15:18] <rharper> blackboxsw_: oh, interesting 
[16:54] <blackboxsw_> otubo: rjschwei : question out of nowhere for you as I'm a bit shallow on SELinux customization in any distro.  If cloud-init needs to add custom SELinux policies  for new systemd units or services to allow permissions such as creating or reading from FIFO queues, (per PR 936) is there a desired process for delivering policy customizations?
[16:55] <blackboxsw_> For instance, would we want to drive SELinux policies to a "reference" or "base"  selinux policy package to allow for cloud-init behavior or is it really up to the individual packages to establish and install their own policies?
[16:56] <blackboxsw_> or for cloud image creators to ensure they add the proper SELinux policies in place for any cloud-init enabled image
[16:58] <rjschwei> blackboxsw_: I have no knowledge about SELinux policies, sorry I cannot help
[16:58] <blackboxsw_> no worries rjschwei, thanks. I figured I'd canvas on this in case others had experience.