Selinux is way too complicated for Xen environment, there are other alternative
to security your system than SeLinux.
Xlord
-----Original Message-----
From: CentOS-virt [mailto:centos-virt-bounces at centos.org] On Behalf Of George
Dunlap
Sent: Monday, January 30, 2017 7:23 PM
To: Discussion about the virtualization on CentOS <centos-virt at
centos.org>
Subject: Re: [CentOS-virt] Selinux Problem
On Thu, Jan 26, 2017 at 8:08 PM, G?nther J. Niederwimmer <gjn at
gjn.priv.at> wrote:> Hello,
>
> Am Donnerstag, 26. Januar 2017, 10:54:20 CET schrieb Johnny Hughes:
>> On 01/26/2017 10:06 AM, G?nther J. Niederwimmer wrote:
>> > Hello,
>> >
>> > CentOS 7.(3) Xen 4.4,
>> >
>> > Can I find any Doc for selinux with XEN, I found many Problems
with
>> > selinux on Dom0 ?
>> >
>> > Or have I to disable selinux when I install XEN.
>> >
>> > Thank's for a answer.
>>
>> We have not tried to make xen work with selinux on Dom0 .. in fact
>> our
>> documentation:
>>
>> https://wiki.centos.org/Manuals/ReleaseNotes/Xen4-01
>>
>> says:
>>
>> SELinux support is disabled, and you might need to disable SELinux on
>> the dom0 for some operations; primarily when using qemu-xen and
>> blktap backed storage.
>
> This is not the best Situation, but when I have no other way I have to
> disable selinux :-(.
I think that comment may be a little old. I do try to support SELinux
-- the smoke tests I use before pushing changes have it enabled by default, and
they use both qemu-xen and blktap.
But it's difficult to help debug problems when you haven't even said
what problem(s) you're having. :-)
Please be sure to include the output of `dmesg`, `xl dmesg`, your xl.cfg, and
/var/log/audit/audit.log.
Thanks,
-George
_______________________________________________
CentOS-virt mailing list
CentOS-virt at centos.org
https://lists.centos.org/mailman/listinfo/centos-virt