I’m looing to get into some “TomFoolery” with a Windows 7 & 10 VM, Is anyone aware of any SELinux labels to use to contain the Windows VM’s? I’m familiar with doing this with sytemd-nspawn for Linux containers, managing them with machinectl and adding a sandbox labels:
system_u:object_r:svirt_sandbox_file_t:s0:c0,c1
but I’ve never had to contain a VM. If possible i would need the VM to access the internet as well.