Why Selinux is off for Cloudmin Xen and Cloudmin OpenVz, but on for Cloudmin KVM?

On http://www.virtualmin.com/documentation/cloudmin/virtualization/openvz and http://www.virtualmin.com/documentation/cloudmin/virtualization/xen it is clearly stated SELINUX should be disabled, however there is no similar instructions on http://www.virtualmin.com/documentation/cloudmin/virtualization/kvm. In fact, clean Cloudmin setup on CentOS 6.3, shows it is enforced:

sestatus | grep -i mode Current mode: enforcing Mode from config file: enforcing

So I wonder what are the differences between different types of virtualization technologies, that Selinux policy should be different and what kind of issues enforced Selinux could possible cause on KVM?


Well, KVM is the only one of those that’s natively supported by CentOS 6.

So there’s likely an SELinux policy setup for KVM, but not for Xen or OpenVZ.

My guess is that on CentOS 5, Jamie had run into some problems with SELinux during testing, that he didn’t run into with the newer KVM support.


Thanks Eric.

In this case might it be that additional tests on Cloudmin CentOS could identify SELINUX caused problems in KVM setups too? The issue with working guests and totally blocked host described on https://www.virtualmin.com/node/25189 coming back on us on OVH server. We turned off SELINUX for now and running ok for already 6 hours with various tests just fine. Though I am not 100% sure the cause is SELINUX.