On 08/10/2012 03:47 PM, Daniel P. Berrange wrote:
> This patch series makes a number of changes to the SELinux label
> generation code. This is intended to make it fully honour the
> current process label when generating VM labels, so that dynamic
> label generation works better with custom policies, or confined
> user accounts.
Unfortunately I am not selinux-savvy enough to understand exactly why,
but I cannot start guests any more after pulling master.
The issue is that the virtual disk's security context (a block device in
this case) cannot be set, message shown below.
012-08-16 15:02:18.891+0000: 1536: error :
virSecuritySELinuxSetFileconHelper:652 : unable to set security context
'system_u:system_r:svirt_image_t:s0:c786,c986' on
'/dev/disk/by-path/ccw-0.0.3770-part1': Invalid argument
Prior to that, the security context would have looked like this:
system_u:object_r:svirt_image_t:s0:c153,c923, i.e. using object_r
instead of system_r.
I am running on RHEL 6.2, not sure whether this is relevant.
--
Kind Regards
Viktor Mihajlovski
IBM Deutschland Research & Development GmbH
Chairman of the Supervisory Board: Martin Jetter
Management: Dirk Wittkopp
Registered office: Böblingen
Registration court: Amtsgericht Stuttgart, HRB 243294
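
The two contexts quoted in the report differ in the role field: the rejected label carries system_r, the earlier working one object_r, which is the role SELinux policy conventionally uses for files and other objects. As an added example (not code from libvirt or from this thread), the C program below splits a context into its fields, checks the role, and rebuilds the label with object_r; the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Copy ctx into buf and split user:role:type:range; the range keeps its colons. */
static int split_context(const char *ctx, char buf[256], char *f[4])
{
    if (strlen(ctx) >= 256)
        return -1;
    strcpy(buf, ctx);
    f[0] = buf;
    for (int i = 1; i < 4; i++) {
        char *colon = strchr(f[i - 1], ':');
        if (!colon)
            return -1;              /* fewer than four fields */
        *colon = '\0';
        f[i] = colon + 1;
    }
    return (*f[0] && *f[1] && *f[2] && *f[3]) ? 0 : -1;
}

/* 1 if the role is object_r, 0 for any other role, -1 if malformed. */
int file_label_role_ok(const char *ctx)
{
    char buf[256], *f[4];
    if (split_context(ctx, buf, f) < 0)
        return -1;
    return strcmp(f[1], "object_r") == 0;
}

/* Rebuild ctx with role object_r, keeping user, type and MLS range. */
int with_object_role(const char *ctx, char *out, size_t outlen)
{
    char buf[256], *f[4];
    if (split_context(ctx, buf, f) < 0)
        return -1;
    int n = snprintf(out, outlen, "%s:object_r:%s:%s", f[0], f[2], f[3]);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Context copied from the error message in the report. */
    const char *bad = "system_u:system_r:svirt_image_t:s0:c786,c986";
    char fixed[256];
    printf("role ok: %d\n", file_label_role_ok(bad));
    if (with_object_role(bad, fixed, sizeof(fixed)) == 0)
        printf("with object_r: %s\n", fixed);
    return 0;
}
```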