Adam Huffman wrote: > Daniel P. Berrange wrote: >> On Tue, Jun 24, 2008 at 12:57:20PM +0100, Adam Huffman wrote: >> >>> Having applied Dan Walsh's suggested fix for a SpamAssassin problem, >>> I'm now seeing errors when running a virtual machine via KVM. >>> >>> The image was created in virt-install quite a while ago: >>> >>> -rwxr-xr-x root root system_u:object_r:xen_image_t XP1 >>> >>> However, after changing to enforcing mode I saw lots of these errors: >>> >> >> Xen is not KVM. >> >> Your image has the xen_image_t label because its in /var/lib/xen/images >> >> > Yes, I always found that location a bit odd, but that's where I was told > to put them > the last time I had similar trouble (i.e. if I didn't put them in > /var/lib/xen/images, they wouldn't > pick up the right context). > >> By default KVM images live in /var/lib/libvirt/images/ and have >> virt_image_t label. Xen probably ought to be allowed to read virt_image_t >> and then we should change /var/lib/xen/images/ to also be virt_image_t >> and get rid of xen_image_t. It is not nice to have different labels and >> locations for different virt technology. So we should make sure >> everything >> is using the generic virt_image_t >> >> > > That would be simpler, yes. >> In the meantime you can either move your images or relabel them to be >> virT_image_t for use with KVM >> >> > Yes, I've relabeled and that seems to have worked for now. > > On a related point, will I need to apply virt_image_t to .iso files I'm > mounting in > these VMs? > > Thanks, > Adam > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list No just image files. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
