Installation guide

Chapter 16. Security for virtualization
# lvcreate -n NewVolumeName -L 5G volumegroup
2. Format the NewVolumeName logical volume with a file system that supports extended attributes,
such as ext3.
# mke2fs -j /dev/volumegroup/NewVolumeName
3. Create a new directory for mounting the new logical volume. This directory can be anywhere on
your file system. It is advised not to put it in important system directories (/etc, /var, /sys) or in
home directories (/home or /root). This example uses a directory called /virtstorage.
# mkdir /virtstorage
4. Mount the logical volume.
# mount /dev/volumegroup/NewVolumeName /virtstorage
5. Set the correct SELinux type for the libvirt image folder.
# semanage fcontext -a -t virt_image_t "/virtstorage(/.*)?"
If the targeted policy is used (targeted is the default policy) the command appends a line to the
/etc/selinux/targeted/contexts/files/file_contexts.local file which makes the
change persistent. The appended line may resemble this:
/virtstorage(/.*)? system_u:object_r:virt_image_t:s0
6. Run the command to change the type of the mount point (/virtstorage) and all files under it to
virt_image_t (the restorecon and setfiles commands read the files in
/etc/selinux/targeted/contexts/files/).
# restorecon -R -v /virtstorage
Testing new attributes
Create a new file (using the touch command) on the file system.
# touch /virtstorage/newfile
Verify the file has been relabeled using the following command:
# sudo ls -Z /virtstorage
-rw-------. root root system_u:object_r:virt_image_t:s0 newfile
The output shows that the new file has the correct attribute, virt_image_t.
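
The same check can be run over every file under the mount point rather than one test file. The script below is an added example, not part of the original guide: the function names and the sample listing are constructed for illustration, and it assumes input lines of the form "CONTEXT PATH", as printed by GNU stat with -c '%C %n'.

```shell
#!/bin/sh
# Added example: report paths whose SELinux type is not the expected one.

# Print the type field of a context such as system_u:object_r:virt_image_t:s0
# (user:role:type:level, so the type is the third colon-separated field).
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "CONTEXT PATH" lines on stdin and print every path whose type differs
# from $1. Returns 1 if at least one mislabelled path was found, else 0.
find_mislabeled() {
    expected=$1
    bad=0
    while read -r context path; do
        [ -n "$context" ] || continue
        if [ "$(selinux_type "$context")" != "$expected" ]; then
            printf '%s\n' "$path"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample listing: the last file carries a different type.
sample_listing() {
    cat <<'EOF'
system_u:object_r:virt_image_t:s0 /virtstorage
system_u:object_r:virt_image_t:s0 /virtstorage/newfile
unconfined_u:object_r:user_home_t:s0 /virtstorage/moved disk.img
EOF
}

# On a real host, feed the function from the file system instead:
#   find /virtstorage -exec stat -c '%C %n' {} + | find_mislabeled virt_image_t
if sample_listing | find_mislabeled virt_image_t; then
    echo "all files are labelled virt_image_t"
else
    echo "relabel the paths listed above with: restorecon -R -v /virtstorage"
fi
```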