If libvirt is doing labeling on a domain startup, the original owner of files is not remembered. So later, when the domain is shutting down and re-labelling is done, we have no other option, just to fall back to 0:0. These patches are solving this issue for DAC driver. I am sending them just to know if the path I wen through is right so I don't bother with selinux if it is not. Michal Privoznik (2): conf: Add oldlabel field to virSecurityDeviceLabelDef security driver: Remember the original DAC label src/conf/domain_conf.c | 20 ++- src/conf/domain_conf.h | 1 + src/security/security_dac.c | 340 +++++++++++++++++++++++++++++++------------- 3 files changed, 260 insertions(+), 101 deletions(-) -- 1.8.0.2 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list