Hi all, I've read this brief documentation on the fedora and RHEL5 documentation page: http://fedoraproject.org/wiki/Docs/Fedora7VirtQuickStart#head-42db86c47fbb6d5abc7c6e5d931028d74d1b4102 https://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Virtualization-en-US/ch-virt-selinux-considerations.html I'm understanding that this will grant access to the device to the xen daemon (xend) # semanage fcontext -a -t xen_image _t -f -b /dev/sda2 # restorecon /dev/sda2 But there's any way that you can be sure that a given domain can't acces to data on a other xen guest (a diferent device) using selinux? So, the Xen guest A could only acces to /dev/sda, and Xen guest B could only acces to /dev/sdb but they both are using the same xend daemon. Thank you very much! Jordi -- ...................................................................... __ / / Jordi Prats Català C E / S / C A Departament de Sistemes /_/ Centre de Supercomputació de Catalunya Gran Capità, 2-4 (Edifici Nexus) · 08034 Barcelona T. 93 205 6464 · F. 93 205 6979 · jprats@xxxxxxxx ...................................................................... pgp:0x5D0D1321 ...................................................................... -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
