Description of problem:
 If you install FC5+xen, keeping selinux turned on and try to run xen kernels
without pygrub (Eg. from jailtime.org) ... you get the message:

Error: Error creating domain: Kernel image does not exist:
/boot/vmlinuz-2.6.15-1.33_FC5guest

...this is because of these AVC messages:

audit(1144393234.651:70): avc:  denied  { search } for  pid=2490 comm="python"
name="/" dev=hda1 ino=2 scontext=system_u:system_r:xend_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
audit(1144393234.651:71): avc:  denied  { getattr } for  pid=2490 comm="python"
name="vmlinuz-2.6.16-1.2080_FC5xenU" dev=hda1 ino=6053
scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:boot_t:s0
tclass=file
audit(1144393234.659:72): avc:  denied  { read } for  pid=2490 comm="python"
name="vmlinuz-2.6.16-1.2080_FC5xenU" dev=hda1 ino=6053
scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:boot_t:s0
tclass=file

...I'm making this high severity because as a Red Hat employee I spent _hours_
trying to work out why our Xen install didn't work with other people's Xen
images (assuming it was a Xen problem) and spoke with several RH people who
probably all think I'm on crack (and are presumably running without selinux
*sigh*) ... at the end I happened to look at dmesg for some other reason and saw
the audit messages.

Version-Release number of selected component (if applicable):
% rpm -q kernel-xen0 selinux-policy-targeted
kernel-xen0-2.6.16-1.2080_FC5
selinux-policy-targeted-2.2.25-2.fc5