Previous discussion: https://www.redhat.com/archives/libvir-list/2012-September/thread.html#01037 This adds <seclabel> to character devices' <source/> elements, like this: <serial type="unix"> <source mode="connect" path="/tmp/console.sock"> <seclabel model="selinux" relabel="no"/> </source> <target port="0"/> </serial> I tested it by controlling the labelling of the libguestfs console socket (when unlabelled, SELinux prevents libguestfs from starting), and it appears to work. By the way, I could only get this to work by explicitly adding the model="selinux" attribute. Looking at the code, it seems the same would be true for disk-specific seclabels too, so the documentation is wrong. Rich. -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list