As far as it goes for RHEV: - Virtual machine migration will fail if migrating from a hypervisor with SELinux enabled to one with SELinux disabled - A virtual machine previously started on a hypervisor with SELinux enabled will not start on a hypervisor with SELinux disable. RHEV manages the SELinux configuration on RHEV Hypervisors in a persistent state, SELinux is enabled by default. You'll need to run sestatus as a superuser on each host in the cluster and observe the output, evaluate each host in the cluster to make sure the setting for "SELinux status" is consistent. Regards, Yanir Quinn On Sat, Jul 29, 2017 at 12:21 AM, Bill James <bill.james@j2.com> wrote:

I was hoping to migrate my systems to using selinux gradually. I added 3 new nodes with selinux in permissive mode. Migration fails to any of the previous hosts that currently have selinux disabled. Is it an all or nothing deal? Obviously not easy to reboot all nodes at once.

2017-07-28 09:35:43,616 ERROR (migsrc/8c566813) [virt.vm] (vmId='8c566813-4bee-4f04-be23-c9fc10e1e1f2') unsupported configuration: Unable to find security driver for model selinux (migration:265) 2017-07-28 09:35:43,641 ERROR (migsrc/8c566813) [virt.vm] (vmId='8c566813-4bee-4f04-be23-c9fc10e1e1f2') Failed to migrate (migration:405) Traceback (most recent call last):

ovirt-engine-4.1.0.4-1.el7.centos.noarch libselinux-utils-2.5-6.el7.x86_64

related: http://lists.ovirt.org/pipermail/users/2016-October/076878.html

_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users