2010-02-23 21:26:29

by Daniel Walsh

Subject: [refpolicy] system_xen.patch

http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_xen.patch

+ xen_stream_connect_xm(vhostmd_t)
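
Review bot: this line calls a xen_ interface on vhostmd_t, a type that by its name belongs to a different module, and the quoted line does not show the surrounding context. Wherever the call lands, it should sit inside an optional_policy block so the policy still builds when either module is absent. A one-line comment saying why vhostmd needs to connect to the xm stream socket would also help.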

Added an attribute xm_transition_domain which all domains that
transition to xm will get.

+ dontaudit xm_ssh_t xm_transition_domain:fifo_file
rw_inherited_fifo_file_perms;
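
Review bot: the target of this dontaudit is the whole xm_transition_domain attribute, so read/write denials on inherited fifo_files in xm_ssh_t are silenced for every domain that ever receives the attribute, not only the callers known today. Add a comment above the rule naming the descriptor that leaks into xm_ssh_t and why it is safe to ignore. Also document xm_transition_domain in the interface that assigns it, so later callers know they opt into this suppression.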

Then basically dontaudit domains that xm transitions to.


Lots of access to handle using libvirt stuff.

Policy for using xenfs

Transitions to ptchown from xenconsoled
xenconsoled reads etc files

Sets rlimit

Allow domains to run from system_r