[Fedora-xen] Re: DomU boot on Fedora 6 fails with 'no root found' error.

Daniel P. Berrange berrange at redhat.com
Wed Jan 31 20:42:57 UTC 2007 

On Wed, Jan 31, 2007 at 03:39:08PM -0500, Bill Davidsen wrote:
> K T Ligesh wrote:
> >On Wed, Jan 31, 2007 at 01:40:58PM -0500, Bill Davidsen wrote:
> >  
> >>And at some point will xen and selinux be compatible? I have everything 
> >>in the "right" place, but it still doesn't work.
> >>
> >>    
> >
> > Forget selinux. Just disable it. I mean, you think of security only after 
> > the bleeding stops, your wounds have healed. (The bleeding that comes 
> > from banging your head on the keyboard in frustration). Since this is xen 
> > only mailinglist, I think we can talk about the situation with selinux 
> > disabled. 
> I bet you have the same eye-level bloody dent in your wall that I do ;-)
> > Anyway, won't a setenforce 0, completely disable the damn thing? At least 
> > it says so as the output of the command.
> 
> That's true, but I regard "turn off security" in the same light as "run 
> setuid root so you bypass all that permissions stuff." And at least some 
> of the places I could use this require selinux. setenforce doesn't 
> disable it, just sets it advisory, which means it still fails and tells 
> you there's no such file as <whatever> when there is, just where it 
> should be. Daniel keeps telling me it works for him, so it's some 
> failure of understanding.

If you see 'AVC' denial messages in /var/log/messages or /var/log/audit/audit.log
when creating your Xen guest, do file them in BugZilla against Xen. If it
does turn out to be a SELinux policy problem, we can usually get very fast 
turn around on policy updates, because as you say - being able to run with
SELinux enabled is a very valuable security measure.

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|

More information about the Fedora-xen mailing list