Oh, well... It turns out that just to do 'chcon -t context /dev/mapper/volume' is not enough, the security context will be reset to default one at the next reboot. To make it permanent we need to use: # semanage fcontext -a -t virt_image_t /dev/mapper/volume
But, at the moment it is impossible to put it to the sub_process.call() just because the execution of semanage tool will be prohibited be SELinux rules. The script, that executes semanage should have the appropriate context='semanage_t' as well... Futhermore, because of implementation, selinux wants this context on %HOME%/.koan and/or %HOME%/.koan/koan.log that means crap,.... Ohh .... does this ring the bell to anybody? Will try to invent something ... But, anyway, we must to let users of selinux systems know, that making the context to LVM partition is necessary, by semanage tool. -- Anton _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
