Selinux is way too complicated for Xen environment, there are other alternative to security your system than SeLinux. Xlord -----Original Message----- From: CentOS-virt [mailto:centos-virt-bounces@xxxxxxxxxx] On Behalf Of George Dunlap Sent: Monday, January 30, 2017 7:23 PM To: Discussion about the virtualization on CentOS <centos-virt@xxxxxxxxxx> Subject: Re: Selinux Problem On Thu, Jan 26, 2017 at 8:08 PM, Günther J. Niederwimmer <gjn@xxxxxxxxxxx> wrote: > Hello, > > Am Donnerstag, 26. Januar 2017, 10:54:20 CET schrieb Johnny Hughes: >> On 01/26/2017 10:06 AM, Günther J. Niederwimmer wrote: >> > Hello, >> > >> > CentOS 7.(3) Xen 4.4, >> > >> > Can I find any Doc for selinux with XEN, I found many Problems with >> > selinux on Dom0 ? >> > >> > Or have I to disable selinux when I install XEN. >> > >> > Thank's for a answer. >> >> We have not tried to make xen work with selinux on Dom0 .. in fact >> our >> documentation: >> >> https://wiki.centos.org/Manuals/ReleaseNotes/Xen4-01 >> >> says: >> >> SELinux support is disabled, and you might need to disable SELinux on >> the dom0 for some operations; primarily when using qemu-xen and >> blktap backed storage. > > This is not the best Situation, but when I have no other way I have to > disable selinux :-(. I think that comment may be a little old. I do try to support SELinux -- the smoke tests I use before pushing changes have it enabled by default, and they use both qemu-xen and blktap. But it's difficult to help debug problems when you haven't even said what problem(s) you're having. :-) Please be sure to include the output of `dmesg`, `xl dmesg`, your xl.cfg, and /var/log/audit/audit.log. Thanks, -George _______________________________________________ CentOS-virt mailing list CentOS-virt@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos-virt _______________________________________________ CentOS-virt mailing list CentOS-virt@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos-virt