Problem with Xen and SElinux (FC6).

[Daniel J Walsh]

Malcolm Northcott wrote:
> I tried installing XEN while running SElinux in enforcing mode, probably
> not a good idea but....
> When I tried creating the first virtual machine (using virt-manager), I
> got an SELinux error flagged in setroubleshooter. I compounded my errors
> by applying the fix suggested in setroubshooter (basically relabelling
> the /lib directory if my memory serves). This generated about 70 more se
> errors before I could get to the ^C keys.
> Now on reboot I get the following error which pops me in to the fsck
> shell.
>
> /sbin/dmsetup error while loading shared libraries libdevmapper.so.1.0.2
>
> If I apply the grub option selinux=0 the system boots just fine, but of
> course selinux is disabled.
>
> I tried disabling selinux from the GUI, reboot, re-enable reboot. I was
> hoping the re-label on re-enable would fix the issue, but the system
> does not boot far enough to get to the relabeling phase. 
>
> Can anyone tell me how to fix the selinux setup so that it can be
> re-enabled?
> 	Thanks,
> 		Mal.
>
> Im running a fully updated FC6 on Core 2 Duo 6600/Asus P5W motherboard,
> which works great except for having nothing in /proc/acpi/thermal_zone.
>
>
>   
Lets take a step back.  

You have made sure your dom0 machine is labeled correctly?

Please make sure you have the latest selinux-policy installed on your 
FC6 box.


Where are you trying to create the xen image file?  This file needs to 
be labeled xen_image_t.
I think the new default location for this is /var/lib/xen/images?  It 
used to be in /xen.

If you create the xen image file in /var/lib/xen  it should get the 
default label xen_image_t.  If you want this in a different path, you 
will need to execute the following command

chcon -t xen_image_t PATHTOXENIMAGE

The xen tools will eventually do this for you. Hopefully?

If you have other AVC messages please attach.


Dan