Bug 1141228
| Summary: | --attach doesn't work with SELinux | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Ján Tomko <jtomko> |
| Component: | virt-viewer | Assignee: | Virt Viewer Maint <virt-viewer-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.2 | CC: | berrange, dblechte, dwalsh, dyuan, eparis, fidencio, jtomko, juzhou, mgrepl, mmalik, mzhan, pmoore, rbalakri, sdsmall, tzheng, virt-bugs, ydu, zhwang |
| Target Milestone: | rc | Keywords: | Reopened |
| Target Release: | 7.2 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | virt-viewer-2.0-1.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 999926 | Environment: | |
| Last Closed: | 2015-11-19 07:34:40 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 999926, 1181288 | ||
| Bug Blocks: | |||
|
Description
Ján Tomko
2014-09-12 13:27:03 UTC
Development Management has reviewed and declined this request. You may appeal this decision by reopening this request. Patch was pushed upstream but, the fix itself, depends on libvirt 1.2.8. Environment setup:
# getenforce
Enforcing
I can reproduce this issue with package:
libvirt-1.2.16-1.el7.x86_64
virt-viewer-0.6.0-12.el7.x86_64
Steps to reproduce:
# virt-viewer -c qemu:///session --debug --attach rhel7.1
...
Get audit.log:
# cat /var/log/audit/audit.log |grep -i AVC
type=AVC msg=audit(1435047455.297:1367): avc: denied { setopt } for pid=21672 comm="qemu-kvm" scontext=system_u:system_r:svirt_t:s0:c10,c912 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=AVC msg=audit(1435047455.297:1368): avc: denied { getattr } for pid=21672 comm="qemu-kvm" scontext=system_u:system_r:svirt_t:s0:c10,c912 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=AVC msg=audit(1435047455.297:1369): avc: denied { getattr } for pid=21672 comm="qemu-kvm" scontext=system_u:system_r:svirt_t:s0:c10,c912 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=AVC msg=audit(1435047455.297:1370): avc: denied { getattr } for pid=21672 comm="qemu-kvm" scontext=system_u:system_r:svirt_t:s0:c10,c912 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=AVC msg=audit(1435047455.297:1371): avc: denied { getattr } for pid=21672 comm="qemu-kvm" scontext=system_u:system_r:svirt_t:s0:c10,c912 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
Then try to verify this bug with new build:
libvirt-1.2.16-1.el7.x86_64
virt-viewer-2.0-3.el7.x86_64
Steps to verify:
# virt-viewer -c qemu:///session --debug --attach rhel7.1
...
# cat /var/log/audit/audit.log |grep -i AVC
Result: There is no AVC info in audit.log.
So move this bug from ON_QA to VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2211.html |