SELinux



  • Are there any plans to do what Citrix won't and actually enable SELinux by default?
    It's a pretty basic security measure at this point and it's kind of odd that a hypervisor of all things would explicitly disable it instead of working with it.

    If it's been looked at, what is preventing it from happening now?


  • XCP-ng Team

    1. I have no idea, ask Citrix: https://bugs.xenserver.org
    2. Well, Xen isn't Linux. It's a microkernel booting first, then having a privileged domain to administrate VMs. So there is still some CPU/memory isolation at the Xen level that isn't required in the dom0 itself.

    But I can't tell more if there are specific reasons; Citrix has the answer.

