Hi. On Fri, Mar 09, 2012 at 11:32:47 +0000, Stefan Hajnoczi wrote: ... > static __inline__ int platform_test_xfs_fd(int fd) > { > struct statfs buf; > if (fstatfs(fd, &buf) < 0) > return 0; > return (buf.f_type == 0x58465342); /* XFSB */ > } > > In other words, XFS detection will fail when SELinux is enabled. > > I'm not familiar with libvirt's use of SELinux. Can someone explain > if we need to expand the policy in libvirt and how to do that? Actually, there is no SELinux policy in libvirt. Libvirt merely uses an appropriate security context when running qemu processes. The rules what such processes can do and what they are forbidden to do are described in SELinux policy which is provided as a separate package (or packages on some distros). So it's this policy (selinux-policy package on Fedora based distros) which would need to be expanded. Thus it should be negotiated with SELinux policy maintainers if they are willing to allow svirt_t domain calling fstatfs. Jirka -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list