KVM image problems
Daniel J Walsh
dwalsh at redhat.com
Wed Jun 25 11:24:01 UTC 2008
Adam Huffman wrote:
> Daniel P. Berrange wrote:
>> On Tue, Jun 24, 2008 at 12:57:20PM +0100, Adam Huffman wrote:
>>
>>> Having applied Dan Walsh's suggested fix for a SpamAssassin problem,
>>> I'm now seeing errors when running a virtual machine via KVM.
>>>
>>> The image was created in virt-install quite a while ago:
>>>
>>> -rwxr-xr-x root root system_u:object_r:xen_image_t XP1
>>>
>>> However, after changing to enforcing mode I saw lots of these errors:
>>>
>>
>> Xen is not KVM.
>>
>> Your image has the xen_image_t label because its in /var/lib/xen/images
>>
>>
> Yes, I always found that location a bit odd, but that's where I was told
> to put them
> the last time I had similar trouble (i.e. if I didn't put them in
> /var/lib/xen/images, they wouldn't
> pick up the right context).
>
>> By default KVM images live in /var/lib/libvirt/images/ and have
>> virt_image_t label. Xen probably ought to be allowed to read virt_image_t
>> and then we should change /var/lib/xen/images/ to also be virt_image_t
>> and get rid of xen_image_t. It is not nice to have different labels and
>> locations for different virt technology. So we should make sure
>> everything
>> is using the generic virt_image_t
>>
>>
>
> That would be simpler, yes.
>> In the meantime you can either move your images or relabel them to be
>> virT_image_t for use with KVM
>>
>>
> Yes, I've relabeled and that seems to have worked for now.
>
> On a related point, will I need to apply virt_image_t to .iso files I'm
> mounting in
> these VMs?
>
> Thanks,
> Adam
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
No just image files.
More information about the fedora-selinux-list
mailing list