Description of problem: If you install FC5+xen, keeping selinux turned on and try to run xen kernels without pygrub (Eg. from jailtime.org) ... you get the message: Error: Error creating domain: Kernel image does not exist: /boot/vmlinuz-2.6.15-1.33_FC5guest ...this is because of these AVC messages: audit(1144393234.651:70): avc: denied { search } for pid=2490 comm="python" name="/" dev=hda1 ino=2 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=dir audit(1144393234.651:71): avc: denied { getattr } for pid=2490 comm="python" name="vmlinuz-2.6.16-1.2080_FC5xenU" dev=hda1 ino=6053 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=file audit(1144393234.659:72): avc: denied { read } for pid=2490 comm="python" name="vmlinuz-2.6.16-1.2080_FC5xenU" dev=hda1 ino=6053 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=file ...I'm making this high severity because as a Red Hat employee I spent _hours_ trying to work out why our Xen install didn't work with other people's Xen images (assuming it was a Xen problem) and spoke with several RH people who probably all think I'm on crack (and are presumably running without selinux *sigh*) ... at the end I happened to look at dmesg for some other reason and saw the audit messages. Version-Release number of selected component (if applicable): % rpm -q kernel-xen0 selinux-policy-targeted kernel-xen0-2.6.16-1.2080_FC5 selinux-policy-targeted-2.2.25-2.fc5
fixed in selinux-policy-2.2.38-1.FC5.
I'll close this, although given that you hit BZ#184393 immediately it's still kind of broken :).