Comment # 14 on bug 1228540 from Johannes Segitz
Storing different objects in /var/lib/xen is problematic from a SELinux
perspective. Currently we have two rules:

/var/lib/xen(/.*)?              gen_context(system_u:object_r:xend_var_lib_t,s0)
/var/lib/xen/images(/.*)?       gen_context(system_u:object_r:xen_image_t,s0)

So everything in /var/lib/xen is xend_var_lib_t apart from the images in the
images subdirectory. xenstored tries to work in this directory by creating
files like
userdata-l.1.00000000-0000-0000-0000-000000000000.domain-userdata-lock in this
directory, which fails because ATM xenstored doesn't have the necessary
permissions.

This seems to work for other distributions, so probably they configure xen
differently. We either need to adjust our xen or adjust the SELinux policy. The
latter will be quite some effort, as this requires a xen test setup and I
don't have one or know about xen.

I'll be away for three weeks now. I'll hand this over to a colleague, but she's
also quite busy, so this might take a while if we decide to go for the policy
change.
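
How the two rules quoted in the comment resolve for the lock file and for an image, as an added example that is not part of the original comment or of the policy's own tooling. The specificity ordering is a simplified model (assumption) of how file-context entries are ranked, and the image path and the unrelated path are constructed.

```python
import re

# The two file-context rules quoted in the comment: (pattern, type).
RULES = [
    (r"/var/lib/xen(/.*)?", "xend_var_lib_t"),
    (r"/var/lib/xen/images(/.*)?", "xen_image_t"),
]

META = set(".^$?*+|[({\\")  # characters that end the literal "stem"


def stem_len(pattern):
    """Length of the literal prefix before the first regex metacharacter."""
    for i, ch in enumerate(pattern):
        if ch in META:
            return i
    return len(pattern)


def specificity(pattern):
    # Simplified ranking (assumption): a pattern without metacharacters
    # wins, then the longer literal stem, then the longer pattern.
    stem = stem_len(pattern)
    return (stem == len(pattern), stem, len(pattern))


def resolve(path, rules=RULES):
    """Type of the most specific rule matching the whole path, or None."""
    hits = [(specificity(p), t) for p, t in rules if re.fullmatch(p, path)]
    return max(hits)[1] if hits else None


# File name from the comment, placed in /var/lib/xen as described there.
LOCK = ("/var/lib/xen/userdata-l.1.00000000-0000-0000-0000-000000000000"
        ".domain-userdata-lock")
IMAGE = "/var/lib/xen/images/guest.img"   # constructed sample path
OTHER = "/var/lib/xenfoo/state"           # constructed, matches no rule

if __name__ == "__main__":
    for p in (LOCK, IMAGE, "/var/lib/xen", OTHER):
        print(f"{resolve(p)!s:16} {p}")
```

The lock file lands on xend_var_lib_t, the catch-all type for the directory, which is why any access xenstored needs there has to be granted on that type or the file has to be given a rule of its own.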

