Bug 1055170
| Summary: | SELinux is preventing qemu:CentOS from 'write' accesses on the blk_file /dev/dm-10. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Mateusz Marzantowicz <mmarzantowicz> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:01f5ef5d9bd8f8348973a4bcc31671aa42fe9339454d9756893a6d3382e346c5 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-01-19 19:56:27 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description of problem: It happened after updating selinux-policy-targeted to selinux-policy-targeted-3.12.1-117.fc20.noarch. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport *** This bug has been marked as a duplicate of bug 1055168 *** |
Description of problem: It happened after updating selinux-policy-targeted to selinux-policy-targeted-3.12.1-117.fc20.noarch. SELinux is preventing qemu:CentOS from 'write' accesses on the blk_file /dev/dm-10. ***** Plugin catchall (100. confidence) suggests ************************** If aby qemu:CentOS powinno mieć domyślnie write dostęp do dm-10 blk_file. Then proszę to zgłosić jako błąd. Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp. Do można tymczasowo zezwolić na ten dostęp wykonując polecenia: # grep qemu:CentOS /var/log/audit/audit.log | audit2allow -M mojapolityka # semodule -i mojapolityka.pp Additional Information: Source Context system_u:system_r:svirt_t:s0:c357,c850 Target Context system_u:object_r:fixed_disk_device_t:s0 Target Objects /dev/dm-10 [ blk_file ] Source qemu:CentOS Source Path qemu:CentOS Port <Unknown> Host (removed) Source RPM Packages qemu-system-x86-1.6.1-3.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-117.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.12.7-300.fc20.x86_64 #1 SMP Fri Jan 10 15:35:31 UTC 2014 x86_64 x86_64 Alert Count 4 First Seen 2014-01-19 12:36:49 CET Last Seen 2014-01-19 12:37:14 CET Local ID 2718f684-5203-491e-8c02-b286cb010bed Raw Audit Messages type=AVC msg=audit(1390131434.659:2406): avc: denied { write } for pid=4489 comm="qemu:CentOS" path="/dev/dm-10" dev="devtmpfs" ino=16270 scontext=system_u:system_r:svirt_t:s0:c357,c850 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file type=SYSCALL msg=audit(1390131434.659:2406): arch=x86_64 syscall=io_submit success=yes exit=EPERM a0=7fe1cadf2000 a1=1 a2=7fe1cede34d0 a3=8 items=0 ppid=1 pid=4489 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 ses=4294967295 tty=(none) comm=qemu:CentOS exe=/usr/bin/qemu-system-x86_64 subj=system_u:system_r:svirt_t:s0:c357,c850 key=(null) Hash: qemu:CentOS,svirt_t,fixed_disk_device_t,blk_file,write Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport