# semanage fcontext -a -t xen_image_t -f -b /dev/sda2 # restorecon /dev/sda2
xend_disable_tcan set the
xendto unconfined mode after restarting the daemon. It is better to disable protection for a single daemon than the whole system. It is advisable that you should not re-label directories as
xen_image_tthat you will use elsewhere.
There are several SELinux booleans which affect KVM. These booleans are listed below for your convenience.
|allow_unconfined_qemu_transition||Default: off. This boolean controls whether KVM guests can be transitioned to unconfined users.|
|qemu_full_network||Default: on. This boolean controls full network access to KVM guests.|
|qemu_use_cifs||Default: on. This boolean controls KVM's access to CIFS or Samba file systems.|
|qemu_use_comm||Default: off. This boolean controls whether KVM can access serial or parallel communications ports.|
|qemu_use_nfs||Default: on. This boolean controls KVM's access to NFS file systems.|
|qemu_use_usb||Default: on. This boolean allows KVM to access USB devices.|