[CentOS-docs] Xen image context

Thu Apr 26 08:27:22 UTC 2007
Daniel de Kok <danieldk at pobox.com>


What about adding something along these lines to the Wiki?:

Xen images

The targeted SELinux policy for Xen requires Xen disk images to have
the xen_image_t context. By default, two directories are defined with
this context:

/var/lib/xen/images(/.*)?	system_u:object_r:xen_image_t:s0
/xen(/.*)?			system_u:object_r:xen_image_t:s0

You can also explicitly set the context with chcon, or add a local file
context customization if you want to keep the correct context when
contexts are restored. For instance, I like to keep my images
in /srv/xen. The following commands prepare this directory for use of
Xen images:

# mkdir -p /srv/xen
# semanage fcontext -a -t xen_image_t "/srv/xen(/.*)?"

This will automatically add a relevant file context rule
to /etc/selinux/targeted/contexts/files/file_contexts.local and reload
the context. 

If so, where? A SELinux tips and tricks page? Xen tips and tricks page?

-- Daniel