[fedora-virt] Fedora virtualization -- comments and questions
Gene Czarcinski
gene at czarc.net
Thu Jun 25 17:30:04 UTC 2009
On Thursday 25 June 2009 13:13:08 Robert L Cochran wrote:
> On 06/25/2009 12:36 PM, Gene Czarcinski wrote:
> > On Thursday 25 June 2009 12:17:52 Thomas Sjolshagen wrote:
> >
> >
> >> Quoting Gene Czarcinski<gene at czarc.net>:
> >>
> >>
> >>> As far as SELinux goes, I read (somewhere in documentation) that a)
> >>> iso images
> >>> had to be under /var/lib/libvirt/images and that b) the SELinux
> >>> context values
> >>> would be set to "virt_image_t". This may not be the way the software
> >>> actual works but this is what is described in some related
> >>> documentation.
> >>
> >> Considering the uniqueness of this setup, maybe it makes more sense to
> >> simply disable SELinux and thus avoid labeling issues altogether?
> >>
> >
> > I DO NOT consider this an option. If things do not work with respect to
> > SELinux it is either a bug or I do not understand something.
> >
>
> These days, SELinux works so well that I can pretty much run in
> enforcing mode and not realize it -- it just works. I did have small
> problems with passing USB devices through to virtual guests, and some of
> the newer apps like puppet which are not virtualization related. I filed
> bugs. Dan Walsh responds to bug reports very quickly and often suggests
> a workaround fix. I can't really see SELinux as a big issue.
Agreed most emphatically!!! Someone suggesting turning off SELinux gets my
blood pressure rising!
Gene
More information about the Fedora-virt
mailing list