If I install Xenner on F10, xenstored does not start due to SELinux denials. As soon as I switch to 'permissive', all services start as expected.

Raw SELinux log messages from setroubleshoot:

node=ws2.schwarz.lokal type=AVC msg=audit(1230394606.979:9): avc: denied { write } for pid=4776 comm="xenstored" name="evtchnd" dev=dm-0 ino=1086154 scontext=system_u:system_r:xenstored_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
node=ws2.schwarz.lokal type=AVC msg=audit(1230394606.979:9): avc: denied { connectto } for pid=4776 comm="xenstored" path="/var/run/evtchnd" scontext=system_u:system_r:xenstored_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
node=ws2.schwarz.lokal type=SYSCALL msg=audit(1230394606.979:9): arch=c000003e syscall=42 success=yes exit=0 a0=b a1=7ffff0d93d80 a2=6e a3=37d4d6da70 items=0 ppid=1 pid=4776 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xenstored" exe="/usr/sbin/xenstored" subj=system_u:system_r:xenstored_t:s0 key=(null)

Using audit2allow I get these policies:

#============= xenstored_t ==============
allow xenstored_t initrc_t:unix_stream_socket connectto;
allow xenstored_t self:capability sys_tty_config;
allow xenstored_t self:tcp_socket create;
allow xenstored_t var_run_t:sock_file write;

How reproducible:
Always

Steps to Reproduce:
1. Install F10
2. yum install xenner
3. reboot system

Actual results:
Some Xen services (xenstored) don't start if SELinux is enforcing.
*** This bug has been marked as a duplicate of bug 450723 ***
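
Added example, not part of the original report and not audit2allow's own code: a short Python check that derives allow rules from the AVC records quoted above and lists which of the reported audit2allow rules have no matching denial in that excerpt. The function names and the abbreviated SYSCALL line are assumptions made for the example.

```python
import re

# Constructed input: the two AVC records quoted in the report (node= prefix
# dropped) plus its SYSCALL record, abbreviated for the example.
SAMPLE_LOG = """\
type=AVC msg=audit(1230394606.979:9): avc: denied { write } for pid=4776 comm="xenstored" name="evtchnd" dev=dm-0 ino=1086154 scontext=system_u:system_r:xenstored_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1230394606.979:9): avc: denied { connectto } for pid=4776 comm="xenstored" path="/var/run/evtchnd" scontext=system_u:system_r:xenstored_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1230394606.979:9): arch=c000003e syscall=42 success=yes exit=0 comm="xenstored" exe="/usr/sbin/xenstored"
"""

# The rules the reporter obtained from audit2allow, as quoted in the report.
REPORTED_RULES = [
    "allow xenstored_t initrc_t:unix_stream_socket connectto;",
    "allow xenstored_t self:capability sys_tty_config;",
    "allow xenstored_t self:tcp_socket create;",
    "allow xenstored_t var_run_t:sock_file write;",
]

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def rules_from_log(log_text):
    """Return the sorted allow rules implied by the AVC denials in log_text."""
    grouped = {}
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue  # SYSCALL and other record types carry no denial
        src, tgt = type_of(m["scon"]), type_of(m["tcon"])
        key = (src, "self" if src == tgt else tgt, m["tclass"])
        grouped.setdefault(key, set()).update(m["perms"].split())
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        names = sorted(perms)
        text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {text};")
    return rules

def rules_without_evidence(reported, log_text):
    """Reported rules that no AVC denial in log_text accounts for."""
    backed = set(rules_from_log(log_text))
    return [rule for rule in reported if rule not in backed]
```

Run against the excerpt, the two socket rules are backed by the quoted denials, while the sys_tty_config and tcp_socket rules come from denials that are not included in the report.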