With current libvirt and qemu, migration is not working if SELinux is in enforcing mode, since the TCP socket we pass to qemu is not labeled in a way that would allow qemu to read from it. After this patchset, migration works even in enforcing mode. Jiri Denemark (3): security: Rename SetSocketLabel APIs to SetDaemonSocketLabel security: Introduce SetSocketLabel qemu: Correctly label migration TCP socket src/libvirt_private.syms | 1 + src/qemu/qemu_migration.c | 5 +++- src/qemu/qemu_process.c | 3 +- src/security/security_dac.c | 11 +++++++++- src/security/security_driver.h | 3 ++ src/security/security_manager.c | 10 +++++++++ src/security/security_manager.h | 2 + src/security/security_nop.c | 7 ++++++ src/security/security_selinux.c | 42 +++++++++++++++++++++++++++++++++++++- src/security/security_stack.c | 17 +++++++++++++++ 10 files changed, 96 insertions(+), 5 deletions(-) -- 1.7.6.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list