Attachment 575175 Details for Bug 734281 – setroubleshoot output

setroubleshoot output

selinux-virt.txt (text/plain), 3.52 KB, created by Luke Macken on 2012-04-04 15:34:36 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Luke Macken

Created: 2012-04-04 15:34:36 UTC

Size: 3.52 KB

patch

obsolete

>executable:     /usr/bin/python
>hashmarkername: setroubleshoot
>kernel:         3.3.0-8.fc17.x86_64
>time:           Wed 04 Apr 2012 11:32:43 AM EDT
>
>description:
>:SELinux is preventing /usr/bin/qemu-kvm from 'write' accesses on the file /home/lmacken/.libvirt/qemu/log/Fedora-17-Beta-x86_64-Live-XFCE.iso.log.
>:
>:*****  Plugin leaks (86.2 confidence) suggests  ******************************
>:
>:If you want to ignore qemu-kvm trying to write access the Fedora-17-Beta-x86_64-Live-XFCE.iso.log file, because you believe it should not need this access.
>:Then you should report this as a bug.  
>:You can generate a local policy module to dontaudit this access.
>:Do
>:# grep /usr/bin/qemu-kvm /var/log/audit/audit.log | audit2allow -D -M mypol
>:# semodule -i mypol.pp
>:
>:*****  Plugin catchall (14.7 confidence) suggests  ***************************
>:
>:If you believe that qemu-kvm should be allowed write access on the Fedora-17-Beta-x86_64-Live-XFCE.iso.log file by default.
>:Then you should report this as a bug.
>:You can generate a local policy module to allow this access.
>:Do
>:allow this access for now by executing:
>:# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
>:# semodule -i mypol.pp
>:
>:Additional Information:
>:Source Context                system_u:system_r:svirt_t:s0:c682,c986
>:Target Context                unconfined_u:object_r:virt_home_t:s0
>:Target Objects                /home/lmacken/.libvirt/qemu/log/Fedora-17-Beta-
>:                              x86_64-Live-XFCE.iso.log [ file ]
>:Source                        qemu-kvm
>:Source Path                   /usr/bin/qemu-kvm
>:Port                          <Unknown>
>:Host                          (removed)
>:Source RPM Packages           qemu-system-x86-1.0-11.fc17.x86_64
>:Target RPM Packages           
>:Policy RPM                    selinux-policy-3.10.0-110.fc17.noarch
>:Selinux Enabled               True
>:Policy Type                   targeted
>:Enforcing Mode                Enforcing
>:Host Name                     (removed)
>:Platform                      Linux (removed) 3.3.0-8.fc17.x86_64 #1 SMP Thu
>:                              Mar 29 18:18:26 UTC 2012 x86_64 x86_64
>:Alert Count                   1
>:First Seen                    Wed 04 Apr 2012 11:32:19 AM EDT
>:Last Seen                     Wed 04 Apr 2012 11:32:19 AM EDT
>:Local ID                      2c428473-0889-4368-9241-94524fa03ae2
>:
>:Raw Audit Messages
>:type=AVC msg=audit(1333553539.688:666): avc:  denied  { write } for  pid=24412 comm="qemu-kvm" path="/home/lmacken/.libvirt/qemu/log/Fedora-17-Beta-x86_64-Live-XFCE.iso.log" dev="dm-2" ino=1188986 scontext=system_u:system_r:svirt_t:s0:c682,c986 tcontext=unconfined_u:object_r:virt_home_t:s0 tclass=file
>:
>:
>:type=AVC msg=audit(1333553539.688:666): avc:  denied  { write } for  pid=24412 comm="qemu-kvm" path="/home/lmacken/.libvirt/qemu/log/Fedora-17-Beta-x86_64-Live-XFCE.iso.log" dev="dm-2" ino=1188986 scontext=system_u:system_r:svirt_t:s0:c682,c986 tcontext=unconfined_u:object_r:virt_home_t:s0 tclass=file
>:
>:
>:type=SYSCALL msg=audit(1333553539.688:666): arch=x86_64 syscall=execve success=yes exit=0 a0=7f53cc001980 a1=7f53cc00a780 a2=7f53cc0012c0 a3=0 items=0 ppid=1 pid=24412 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=qemu-kvm exe=/usr/bin/qemu-kvm subj=system_u:system_r:svirt_t:s0:c682,c986 key=(null)
>:
>:Hash: qemu-kvm,svirt_t,virt_home_t,file,write
>:
>:audit2allowunable to open /sys/fs/selinux/policy:  Permission denied
>:
>:
>:audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied
>:
>:
>
>END:
>

Actions: View

Attachments on bug 734281: 575175