Red Hat Bugzilla – Bug 161195
xend conflicts with selinux (targeted) when booting file-backed domains
Last modified: 2007-11-30 17:11:08 EST
Description of problem:
Since i upgraded FC3-->FC4, i cannot boot file-backed xen domUs when selinux
(targeted policy) is active.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
xm create $domain-config
[root@crusher ~]# xm create -c bering
Using config file "/etc/xen/bering".
Error: Error creating domain: vbd: Segment not found:
[root@crusher ~]# dmesg
# see attachment.
The domain "bering" boots
If i want to boot a file backed domain ("disk: ['file:...' ]"), i have two
workarounds: disabling selinux ("setenforce 0") or changing the domains config
disk = [ 'file:/var/bering.ext2,hda1,w' ]
disk = [ 'phy:/dev/loop0,hda1,w' ]
and doing the "losetup /dev/loop0 /var/bering.ext2" myself before the
"xm create". I still get lots of selinux denies, but it nevertheless works,
As the manual "losetup" failed, too due to selinux denies before i upgraded
today to selinux-policy-targeted-1.23.18-12, i thought this is bug #160755,
but now the manual losetup works while the xend-automated losetup fails. So
i set up this bugreport.
Created attachment 115741 [details]
dmesg full of selinux denies after "xm create"
On current rawhide, this should work OK --- can you please test if the problem
Should currently work upstream; please re-open if the issues persists.