New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Does enabling SELinux "enforcing" in KVM host causing problems in the guests ?
Jason4Ever
Member
in Providers
Hi,
I've KVM hypervisor with (Software Raid1) and i've few created VMs .. Does Enabling "SELinux" IN the host affects badly on Raid1 and The guests (VMs) ? or there is no relation?
Is it a recommened approach?
Comments
RedHat docs
RedHat docs 2
@FHR, you are asking someone to read.
That is classified as mild torture in modern era. He just wants a yes or no.
@Jason4Ever It is easy enough to enable/disable SELinux. Enable it, do a benchmark, disable it, do a benchmark. SELinux shouldn't have a horribly notable impact (1-3%), but science it and report back.
KVM guests should not be affected by the host's SELinux configuration.
SELinux is an RBAC system where access to the system is controlled by a specific set of rules. I mean, if qemu-x86_64 can start a KVM guest with proper network I/O and disk access, I'm pretty sure at that point the rest of the SELinux configs won't matter.