At https://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/en-US/RHEL510/Virtualization_Guide/ch-virt-selinux-considerations.html there is a recipie for making a block device (such as a logical volume) ready for xen guest usage. One of the steps is described as: semanage fcontext -a -t xen_image _t -f -b /dev/sda2 However, the space between "xen_image" and "_t" makes the command fail, and the problem is hard to spot.
This bug has occurred in an older version of the Virtualization Guide. The new version of the Red Hat Enterprise Linux Virtualization Guide will not be based on this version. The Virtualization Guide will be rewritten and re-based off the present Virtualization Cookbook. We may not have time to fix this bug in previous versions.
This bug was recently closed, assumingly because the latest version of the virtualization guide was fixed. However, the exact same bug exists in the later version of the guide! (This time, the relevant section is numbered 29.9): https://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Virtualization/sect-Virtualization-How_To_troubleshoot_Red_Hat_Virtualization-SELinux_considerations.html Please: It's a one-character fix, which can really save time people who aren't proficient in SELinux.
Turns out this isn't the right way to manage SELinux contexts with virtualization. The entire section is being rewritten. Thank you for your diligence in spotting the bug, twice :)