From cdb7fe831516e510e9b9f7ca2925ca475ec9ea84 Mon Sep 17 00:00:00 2001
From: Caspian443 <scrisis843@gmail.com>
Date: Tue, 22 Jul 2025 16:22:47 +0800
Subject: [PATCH] runtime-rs: sandbox: read selinux_label from OCI spec and
 pass to preparevm

Extract the selinux_label field from the OCI spec during sandbox setup
and forward it to the prepare_vm API so the VMM process receives the
appropriate SELinux context label.

- sandbox: read selinux_label from OCI spec
- prepare_vm: accept and apply selinux_label parameter

Signed-off-by: Caspian443 <scrisis843@gmail.com>
---
 src/runtime-rs/crates/hypervisor/src/lib.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/runtime-rs/crates/hypervisor/src/lib.rs b/src/runtime-rs/crates/hypervisor/src/lib.rs
index c22840bb51..d1ac432c15 100644
--- a/src/runtime-rs/crates/hypervisor/src/lib.rs
+++ b/src/runtime-rs/crates/hypervisor/src/lib.rs
@@ -104,6 +104,7 @@ pub trait Hypervisor: std::fmt::Debug + Send + Sync {
         id: &str,
         netns: Option<String>,
         annotations: &HashMap<String, String>,
+        selinux_label: Option<String>,
     ) -> Result<()>;
     async fn start_vm(&self, timeout: i32) -> Result<()>;
     async fn stop_vm(&self) -> Result<()>;