Re: xen, selinux, FC5

Robin Bowes wrote:
> One other problem I've noticed is that the xendomains init script didn't
> start the domains at boot, or from the command-line. I've copied the new
> one from https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=120075
> but I was seeing this error:
> 
> # service xendomains start
> Starting auto Xen domains:Error: Disk isn't accessible
> 
> This is the context of that file:
> 
> -rwxr-xr-x  root root system_u:object_r:initrc_exec_t  xendomains
> 
> I copied xendomains to xendomains.new so it has this context:
> 
> -rwxr-xr-x  root root root:object_r:etc_t              xendomains.new
> 
> And the script now works.
> 
> Again, is this the (or a) correct fix? Any security problems with this?

Hmmm. xendomains is not starting the guest instances at reboot.

I see this error in send.log:

[2006-10-13 16:34:28 xend] ERROR (XendBootloader:36) Disk isn't accessible

I also get new AVC msgs:

allow xm_t fixed_disk_device_t:blk_file read;

When I add this to the policy file, i.e.:

class blk_file read;
type fixed_disk_device_t;
type xm_t;
allow xm_t fixed_disk_device_t:blk_file read;

I get this error when loading the compiled policy:

# semodule -i $xen.pp
libsepol.check_assertion_helper: assertion on line 0 violated by allow
xm_t fixed_disk_device_t:blk_file { read };
libsepol.check_assertions: 1 assertion violations occured
libsemanage.semanage_expand_sandbox: Expand module failed
semodule:  Failed!

Any suggestions as to how to fix this?

Thanks,

R.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
