Description of problem: Whenever I start a Xen domain created using virt-install, there are SELinux denials. Version-Release number of selected component (if applicable): net-tools-1.60-73 How reproducible: Every time Steps to Reproduce: 1. Start a Xen domain 2. 3. Actual results: SELinux denials reported (I'm in permissive mode at the moment, until these problems are resolved) Expected results: Domain starts normally Additional info:
Created attachment 145604 [details] Error report via setroubleshoot
Did this actually block something from working? If you try this in enforcing mode do you see errors? This looks like xen is leaking an open descriptor to the xen_image_t file. There is no reason ifconfig should ever need to read/write this disk image. I believe this should work in enforcing mode.
Yes, there are errors when running in enforcing mode, though things do appear to be working.
QEMU was leaking file handles to the networking scripts which caused SELinux errors. This was fixed in Xen 3.0.3-7.fc6 * Tue Mar 6 2007 Daniel P. Berrange <berrange> - 3.0.3-7.fc6 - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634) - Fix ia64 shadow page table mode - Close QEMU file handles when running network script Please upgrade & confirm that the errors went away.
Yes, this indeed seems to be fixed in xen-3.0.3-8.fc6 (-: