19.9. SELinux Considerations
This sections contains things to you must consider when you
implement SELinux into your Red Hat Virtualization
environment. When you deploy system changes or add devices, you
must update your SELinux policy accordingly. To configure an LVM
volume for a guest, you must modify the SELinux context for the
respective underlying block device and volume group.
# semanage fcontext -a -t xen_image _t -f -b /dev/sda2
# restorecon /dev/sda2
The boolean parameter xend_disable_trans put xend in unconfined mode
after restarting the daemon. It is better to disable protection for a single daemon
than the whole system. It is advisable that you should not re-label directories as
xen_image_t that you will use elsewhere.