Re: Selinux Problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/30/2017 03:22 AM, George Dunlap wrote:

> 
> I think that comment may be a little old.  I do try to support SELinux
> -- the smoke tests I use before pushing changes have it enabled by
> default, and they use both qemu-xen and blktap.
> 
> But it's difficult to help debug problems when you haven't even said
> what problem(s) you're having. :-)
> 
> Please be sure to include the output of `dmesg`, `xl dmesg`, your
> xl.cfg, and /var/log/audit/audit.log.
> 
> Thanks,
>  -George

George,

I appreciate you try to keep SELinux working and thank you. If SELinux isn't appropriate for an environment, disabling it is easy. But if it is needed
for whatever reason, adding support is hard.

Looking through our ansible role, it turns out that for xenconsoled to be able to work with oxenstored I had to make a policy change. I hesitate to
publish that policy as-is because I used audit2allow without taking enough time to tune it and the policy is probably too permissive.

But running xenconsoled with oxenstored on CentOS 6 should allow you to duplicate. If you don't have time to duplicate, I should be able to do that
and get you the original audit.log messages.

--Sarah
_______________________________________________
CentOS-virt mailing list
CentOS-virt@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos-virt



[Index of Archives]     [CentOS Users]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [X.org]     [Xfree86]     [Linux USB]

  Powered by Linux