On 01/30/2017 03:22 AM, George Dunlap wrote: > > I think that comment may be a little old. I do try to support SELinux > -- the smoke tests I use before pushing changes have it enabled by > default, and they use both qemu-xen and blktap. > > But it's difficult to help debug problems when you haven't even said > what problem(s) you're having. :-) > > Please be sure to include the output of `dmesg`, `xl dmesg`, your > xl.cfg, and /var/log/audit/audit.log. > > Thanks, > -George George, I appreciate you try to keep SELinux working and thank you. If SELinux isn't appropriate for an environment, disabling it is easy. But if it is needed for whatever reason, adding support is hard. Looking through our ansible role, it turns out that for xenconsoled to be able to work with oxenstored I had to make a policy change. I hesitate to publish that policy as-is because I used audit2allow without taking enough time to tune it and the policy is probably too permissive. But running xenconsoled with oxenstored on CentOS 6 should allow you to duplicate. If you don't have time to duplicate, I should be able to do that and get you the original audit.log messages. --Sarah _______________________________________________ CentOS-virt mailing list CentOS-virt@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos-virt