Hello all! I try to boot the guest VM in native EL5.1 dom0. Kernel for guest domain I took from source compiled Xen distributions since native EL5.1 kernel being tired as guest did not see root partition at all. SELinux enforcing is disabled in the dom0:> [root@mbone ~]# getenforce > PermissiveConfiguration file for guest domain has parameter to disable selinux:> [root@mbone ~]# grep extra /etc/xen/xm-test > # You can use ''extra'' to set the runlevel and custom environment > extra = "4 enforcing=0"But I still get errors from SELinux:> [root@mbone ~]# xm create -c /etc/xen/xm-test > Using config file "/etc/xen/xm-test". > Started domain ExampleDomain > Linux version 2.6.18-xen (root@jig) (gcc version 3.4.6 20060404 (Red Hat 3.4.6-8)) #12 SMP Thu Nov 29 11:53:14 MSK 2007 > ... > VFS: Mounted root (ext3 filesystem) readonly. > Freeing unused kernel memory: 184k freed > Unable to load SELinux Policy. Machine is in enforcing mode. Halting now. > Kernel panic - not syncing: Attempted to kill init!Config string like ''extra = "4 selinux=1 enforce=0"'' produce the same result. What is wrong? Thanks in advance. -- Veniamin. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Ruggero Tonelli
2008-Apr-29 09:37 UTC
Re: [Xen-users] Xen & SELINUX: how disable in guest?
Veniamin Konoplev ha scritto alle martedì 29 aprile 2008 [...]> What is wrong?to disable selinux put this line on domU cfg: extra = "selinux=0 ro" selinux will stop annoying.... cy, -- Ruggero Tonelli http://www.valtellinux.it GPG Key-id: 0x96998647 -- Il messaggio e'' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e'' risultato non infetto. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Veniamin Konoplev
2008-Apr-29 10:05 UTC
Re[2]: [Xen-users] Xen & SELINUX: how disable in guest?
Done. Result is the same: "Unable to load SELinux Policy. Machine is in enforcing mode. Halting now." :(. Tuesday, April 29, 2008, 1:37:48 PM, you wrote: RT> Veniamin Konoplev ha scritto alle martedì 29 aprile 2008 RT> [...]>> What is wrong?RT> to disable selinux put this line on domU cfg: RT> extra = "selinux=0 ro" RT> selinux will stop annoying.... RT> cy, RT> -- RT> Ruggero Tonelli RT> http://www.valtellinux.it RT> GPG Key-id: 0x96998647 _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
rishi pathak
2008-Apr-29 11:24 UTC
Re: Re[2]: [Xen-users] Xen & SELINUX: how disable in guest?
Why not mount your domU''s root and change /etc/selinux/config On Tue, Apr 29, 2008 at 3:35 PM, Veniamin Konoplev <V.Konoplev@rssi.ru> wrote:> Done. > Result is the same: > "Unable to load SELinux Policy. Machine is in enforcing mode. Halting > now." > > :(. > > > Tuesday, April 29, 2008, 1:37:48 PM, you wrote: > > RT> Veniamin Konoplev ha scritto alle martedì 29 aprile 2008 > RT> [...] > >> What is wrong? > > RT> to disable selinux put this line on domU cfg: > > RT> extra = "selinux=0 ro" > > RT> selinux will stop annoying.... > > RT> cy, > > > RT> -- > RT> Ruggero Tonelli > RT> http://www.valtellinux.it > RT> GPG Key-id: 0x96998647 > > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users >-- Regards-- Rishi Pathak _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Nico Kadel-Garcia
2008-Apr-29 19:31 UTC
Re: [Xen-users] Xen & SELINUX: how disable in guest?
Ruggero Tonelli wrote:> Veniamin Konoplev ha scritto alle martedì 29 aprile 2008 > [...] > >> What is wrong? >> > > to disable selinux put this line on domU cfg: > > extra = "selinux=0 ro" > > selinux will stop annoying.... > > cy, >*DO NOT* do this in DOM0!!! This blocks you from being able to turn it on. Disable it or enable it in the DomU itself. For RHEL and Fedora, take a look at /etc/sysconfig/selinux, which has an option to turn it off, set it to warning only, or activate it at boot time. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Nico Kadel-Garcia ha scritto:> Ruggero Tonelli wrote: >> Veniamin Konoplev ha scritto alle martedì 29 aprile 2008 >> [...] >> >>> What is wrong? >>> >> >> to disable selinux put this line on domU cfg: >> >> extra = "selinux=0 ro" >> >> selinux will stop annoying.... >> >> cy, >> > *DO NOT* do this in DOM0!!! This blocks you from being able to turn it > on. Disable it or enable it in the DomU itself. > > For RHEL and Fedora, take a look at /etc/sysconfig/selinux, which has > an option to turn it off, set it to warning only, or activate it at > boot time. >...quoting myself: to disable selinux put this line on domU cfg: extra = "selinux=0 ro" selinux will stop annoying.... cy, -- Il messaggio e'' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e'' risultato non infetto. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Veniamin Konoplev wrote:> Hello all! > > I try to boot the guest VM in native EL5.1 dom0. > > Kernel for guest domain I took from source compiled Xen distributions > since native EL5.1 kernel being tired as guest did not see root > partition at all. > > SELinux enforcing is disabled in the dom0: > > >> [root@mbone ~]# getenforce >> Permissive >> > > Configuration file for guest domain has parameter to disable selinux: > > >> [root@mbone ~]# grep extra /etc/xen/xm-test >> # You can use ''extra'' to set the runlevel and custom environment >> extra = "4 enforcing=0" >>If you are using "pygrub" as bootloader to load the xenified kernel and initrd image from within the guest which is the default setup in RHEL and Centos rather than passing a xenified kernel and initrd image from the dom0, passing kernel parameters using extra = would not work. You should do "xm create -c <guest>" and edit the kernel line in the grub and pass selinux=0 for this to work. HTH --Sadique> > But I still get errors from SELinux: > > >> [root@mbone ~]# xm create -c /etc/xen/xm-test >> Using config file "/etc/xen/xm-test". >> Started domain ExampleDomain >> Linux version 2.6.18-xen (root@jig) (gcc version 3.4.6 20060404 (Red Hat 3.4.6-8)) #12 SMP Thu Nov 29 11:53:14 MSK 2007 >> ... >> VFS: Mounted root (ext3 filesystem) readonly. >> Freeing unused kernel memory: 184k freed >> Unable to load SELinux Policy. Machine is in enforcing mode. Halting now. >> Kernel panic - not syncing: Attempted to kill init! >> > > Config string like ''extra = "4 selinux=1 enforce=0"'' produce the same > result. > > What is wrong? > > Thanks in advance. > > -- > Veniamin. > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users > >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users