On Tue, Jun 24, 2008 at 12:57:20PM +0100, Adam Huffman wrote: > Having applied Dan Walsh's suggested fix for a SpamAssassin problem, I'm > now seeing errors when running a virtual machine via KVM. > > The image was created in virt-install quite a while ago: > > -rwxr-xr-x root root system_u:object_r:xen_image_t XP1 > > However, after changing to enforcing mode I saw lots of these errors: Xen is not KVM. Your image has the xen_image_t label because its in /var/lib/xen/images By default KVM images live in /var/lib/libvirt/images/ and have virt_image_t label. Xen probably ought to be allowed to read virt_image_t and then we should change /var/lib/xen/images/ to also be virt_image_t and get rid of xen_image_t. It is not nice to have different labels and locations for different virt technology. So we should make sure everything is using the generic virt_image_t In the meantime you can either move your images or relabel them to be virT_image_t for use with KVM Regards, Daniel. -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
