Red Hat Bugzilla – Attachment 316338 Details for
Bug 454893
SELinux is preventing qemu-kvm (qemu_t) "getattr" to /dev/mapper/vgcrypt-f932 (fixed_disk_device_t).
New sealert message for this avc.
sealert.html (text/html), 2.93 KB, created by Daniel Walsh on 2008-09-10 17:59:19 UTC
found 1 alerts in qemu_blk_image.log
--------------------------------------------------------------------------------

Summary:

SELinux is preventing qemu (qemu-kvm) "read" to HelpdeskRHEL4-RHEL4.x86_64
(fixed_disk_device_t).

Detailed Description:

SELinux denied qemu access to the block device HelpdeskRHEL4-RHEL4.x86_64. If
this is a virtualization image, it needs to be labeled with a virtualization
file context (virt_image_t). You can relabel HelpdeskRHEL4-RHEL4.x86_64 to be
virt_image_t using chcon. You also need to execute semanage fcontext -a -t
virt_image_t 'HelpdeskRHEL4-RHEL4.x86_64' to add this new path to the system
defaults. If you did not intend to use HelpdeskRHEL4-RHEL4.x86_64 as a qemu
image it could indicate either a bug or an intrusion attempt.

Allowing Access:

You can alter the file context by executing chcon -t virt_image_t
'HelpdeskRHEL4-RHEL4.x86_64' You must also change the default file context files
on the system in order to preserve them even on a full relabel. "semanage
fcontext -a -t virt_image_t 'HelpdeskRHEL4-RHEL4.x86_64'"

Fix Command:

chcon -t virt_image_t 'HelpdeskRHEL4-RHEL4.x86_64'

Additional Information:

Source Context                system_u:system_r:qemu_t:s0
Target Context                system_u:object_r:fixed_disk_device_t:s0
Target Objects                HelpdeskRHEL4-RHEL4.x86_64 [ blk_file ]
Source                        qemu-kvm
Source Path                   /usr/bin/qemu-kvm
Port                          <Unknown>
Host                          dhcppc2
Source RPM Packages           kvm-74-2.fc10
Target RPM Packages
Policy RPM                    selinux-policy-3.5.7-1.fc10
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   qemu_blk_image
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.27-0.305.rc5.git6.fc10.x86_64 #1 SMP Thu Sep 4
                              21:42:09 EDT 2008 x86_64 x86_64
Alert Count                   1
First Seen                    Tue Jul 22 08:19:48 2008
Last Seen                     Tue Jul 22 08:19:48 2008
Local ID                      a9eec542-1f2b-4269-a0ce-5c83b6ed66be
Line Numbers                  1

Raw Audit Messages

host=dhcppc2 type=AVC msg=audit(1216729188.853:241): avc: denied { read } for pid=14066 comm="qemu-kvm" name="HelpdeskRHEL4-RHEL4.x86_64" dev=tmpfs ino=333 scontext=system_u:system_r:qemu_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

host=dhcppc2 type=SYSCALL msg=audit(1216729188.853:241): arch=c000003e syscall=2 success=no exit=-13 a0=7fff6f654680 a1=0 a2=1a4 a3=3342f67a70 items=0 ppid=2953 pid=14066 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/bin/qemu-kvm" subj=system_u:system_r:qemu_t:s0 key=(null)