On Thu, Jan 14, 2016 at 10:24:45AM +0000, Richard W.M. Jones wrote: > On Thu, Jan 14, 2016 at 10:12:30AM +0000, Daniel P. Berrange wrote: > > The difference comes in the restore step - where we blow away the > > readonly label and put it back to the original. For disks we never > > restore readonly/shared labels, but for kernels we do. If we just > > kill the restore step for kernels too, we should be fine AFAICT. > > Works for me - I can try a patch, or if you can point me at the code I > should comment out I'll do that. Is security_selinux.c in the virSecuritySELinuxRestoreAllLabel method, trying commenting out the lines related to kernel + initrd at the end. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list