WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-users

Re: [Xen-users] Xen & SELINUX: how disable in guest?

To: Veniamin Konoplev <V.Konoplev@xxxxxxx>
Subject: Re: [Xen-users] Xen & SELINUX: how disable in guest?
From: Sadique Puthen <sputhenp@xxxxxxxxxx>
Date: Mon, 05 May 2008 12:12:04 +0530
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Veniamin Konoplev wrote:
Hello all!

I try to boot the guest VM in native EL5.1 dom0.

Kernel for guest domain I took from source compiled Xen distributions
since native EL5.1 kernel being tried as guest did not see root
partition at all.

SELinux enforcing is disabled in the dom0:

[root@mbone ~]# getenforce
Permissive

Configuration file for guest domain has parameter to disable selinux:

[root@mbone ~]# grep extra /etc/xen/xm-test
# You can use 'extra' to set the runlevel and custom environment
extra = "4 enforcing=0"

If you are using "pygrub" as the bootloader to load the xenified kernel and initrd image from within the guest, which is the default setup in RHEL and CentOS, rather than passing a xenified kernel and initrd image from the dom0, passing kernel parameters using extra = would not work. You should do "xm create -c <guest>", edit the kernel line in grub, and pass selinux=0 for this to work. HTH

--Sadique


But I still get errors from SELinux:

[root@mbone ~]# xm create -c /etc/xen/xm-test
Using config file "/etc/xen/xm-test".
Started domain ExampleDomain
Linux version 2.6.18-xen (root@jig) (gcc version 3.4.6 20060404 (Red Hat 
3.4.6-8)) #12 SMP Thu Nov 29 11:53:14 MSK 2007
...
VFS: Mounted root (ext3 filesystem) readonly.
Freeing unused kernel memory: 184k freed
Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.
Kernel panic - not syncing: Attempted to kill init!

Config string like 'extra = "4 selinux=1 enforce=0"' produces the same
result.

What is wrong?

Thanks in advance.

--
Veniamin.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
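
An added example, not part of the original thread: a small audit of a domU config that reports whether the SELinux tokens in extra = are passed on, ignored because pygrub is the bootloader (as the reply describes), or are not parameters SELinux parses (it reads selinux= and enforcing=). The function names, verdict strings and sample configs are constructed for illustration, and the config is assumed to contain only simple name = value assignments.

```python
import ast
import difflib

# Kernel command-line parameters that SELinux parses at boot.
SELINUX_PARAMS = ["selinux", "enforcing"]

def parse_xm_config(text):
    """Collect top-level `name = literal` assignments without executing the file."""
    cfg = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                cfg[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # value is an expression, not a literal; skip it
    return cfg

def audit_selinux_args(text):
    """Return (token, verdict) for each SELinux-looking token in `extra`."""
    cfg = parse_xm_config(text)
    uses_pygrub = "pygrub" in str(cfg.get("bootloader", ""))
    results = []
    for token in str(cfg.get("extra", "")).split():
        key, sep, _value = token.partition("=")
        if not sep:
            continue  # bare words such as the runlevel "4"
        if key in SELINUX_PARAMS:
            # Per the reply above: with pygrub the kernel line comes from
            # the guest's own grub config, so `extra` does not take effect.
            results.append((token, "ignored-pygrub" if uses_pygrub else "passed"))
        elif difflib.get_close_matches(key, SELINUX_PARAMS, n=1, cutoff=0.7):
            # Looks like an SELinux parameter but is not one (e.g. enforce=).
            results.append((token, "unknown-param"))
    return results

# Constructed sample configs (kernel and bootloader paths are placeholders).
DIRECT_BOOT = 'kernel = "/boot/vmlinuz-2.6.18-xen"\nextra = "4 selinux=1 enforce=0"\n'
PYGRUB_BOOT = 'bootloader = "/usr/bin/pygrub"\nextra = "4 enforcing=0"\n'

if __name__ == "__main__":
    for name, text in (("direct", DIRECT_BOOT), ("pygrub", PYGRUB_BOOT)):
        for token, verdict in audit_selinux_args(text):
            print(f"{name}: {token} -> {verdict}")
```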


