[CentOS-virt] Selinux Problem

-=X.L.O.R.D=- xlord.sl at gmail.com
Thu Feb 2 16:46:08 UTC 2017


Selinux is way too complicated for Xen environment, there are other alternative to security your system than SeLinux.

Xlord

-----Original Message-----
From: CentOS-virt [mailto:centos-virt-bounces at centos.org] On Behalf Of George Dunlap
Sent: Monday, January 30, 2017 7:23 PM
To: Discussion about the virtualization on CentOS <centos-virt at centos.org>
Subject: Re: [CentOS-virt] Selinux Problem

On Thu, Jan 26, 2017 at 8:08 PM, Günther J. Niederwimmer <gjn at gjn.priv.at> wrote:
> Hello,
>
> Am Donnerstag, 26. Januar 2017, 10:54:20 CET schrieb Johnny Hughes:
>> On 01/26/2017 10:06 AM, Günther J. Niederwimmer wrote:
>> > Hello,
>> >
>> > CentOS 7.(3) Xen 4.4,
>> >
>> > Can I find any Doc for selinux with XEN, I found many Problems with 
>> > selinux on Dom0 ?
>> >
>> > Or have I to disable selinux when I install XEN.
>> >
>> > Thank's for a answer.
>>
>> We have not tried to make xen work with selinux on Dom0 .. in fact 
>> our
>> documentation:
>>
>> https://wiki.centos.org/Manuals/ReleaseNotes/Xen4-01
>>
>>  says:
>>
>> SELinux support is disabled, and you might need to disable SELinux on 
>> the dom0 for some operations; primarily when using qemu-xen and 
>> blktap backed storage.
>
> This is not the best Situation, but when I have no other way I have to 
> disable selinux :-(.

I think that comment may be a little old.  I do try to support SELinux
-- the smoke tests I use before pushing changes have it enabled by default, and they use both qemu-xen and blktap.

But it's difficult to help debug problems when you haven't even said what problem(s) you're having. :-)

Please be sure to include the output of `dmesg`, `xl dmesg`, your xl.cfg, and /var/log/audit/audit.log.

Thanks,
 -George
_______________________________________________
CentOS-virt mailing list
CentOS-virt at centos.org
https://lists.centos.org/mailman/listinfo/centos-virt



More information about the CentOS-virt mailing list