On Thursday, May 08, 2014 05:45:56 PM vlad halilov wrote: > Hello. I trying to run kvm wih mls policy on RHEL6.5 and got strange error. > > Steps: > > 1) installing with virtulaization software bundle; > 2) install selinux mls and some more: xorg-x11-xauth policycoreutils-python > selinux-policy-mls netlabel_tools setools-console; > 3) enable mls in selinux/config, set permissive mode, autorelabel fs & > reboot; > 4) login by root@ssh with X (permissive mode still in effect) and create vm. > > Now, after creating any vm, it can executed only with dynamic label. On > trying to set static label (s0, s1 or any other with compartments) i got > an error: > > 2014-05-08 13:23:06.711+0000: 1607: error > > :virSecuritySELinuxGenSecurityLabel:552 : unable to allocate socket > security context 's0': Invalid argument If you are going to use static labels with sVirt you need to specify the entire SELinux label and not just the MLS field. I recommend searching for the "Red Hat Enterprise Linux 6 Virtualization Security Guide" for more information on using sVirt with RHEL6. -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
