Bug 1221961

Summary:	AVC while running qemu
Product:	[Fedora] Fedora	Reporter:	Sandro Bonazzola <sbonazzo>
Component:	libvirt	Assignee:	Libvirt Maintainers <libvirt-maint>
Status:	CLOSED DUPLICATE	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	22	CC:	agedosier, berrange, clalancette, devin, dwalsh, itamar, jforbes, laine, libvirt-maint, mgrepl, veillard, virt-maint
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2015-05-18 08:25:35 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1186650

Description Sandro Bonazzola 2015-05-15 10:45:32 UTC

[root@minidell ~]# ausearch -m avc
----
time->Fri May 15 11:33:04 2015
type=AVC msg=audit(1431682384.940:1194): avc:  denied  { open } for  pid=20528 comm="qemu-system-x86" path="/dev/shm/lttng-ust-wait-5" dev="tmpfs" ino=47706 scontext=system_u:system_r:svirt_t:s0:c27,c912 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1


command line was
/usr/bin/qemu-system-x86_64 -machine accel=kvm -name HostedEngine -S -machine pc-i440fx-2.3,accel=kvm,usb=off -cpu SandyBridge -m 8192 -realtime mlock=off -smp 4,sockets=4,cores=1,threads=1 -uuid 5fa7c8be-e4f0-48c9-bacd-d09c5c06b058 -smbios type=1,manufacturer=oVirt,product=oVirt Node,version=22-0.17,serial=4C4C4544-0059-4310-8035-C4C04F595831_b8:ca:3a:76:9a:43,uuid=5fa7c8be-e4f0-48c9-bacd-d09c5c06b058 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/HostedEngine.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=2015-05-15T09:32:59,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-reboot -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x4 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive file=/home/tmp72df7X/seed.iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw,serial= -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive file=/var/run/vdsm/storage/9311f2bf-d27d-4ff3-a032-86ddf4584920/d3661f9d-c7f7-42ff-aaf8-7a8b9c89cf26/7ac51798-e3a6-4deb-99cf-36b0addba194,if=none,id=drive-virtio-disk0,format=raw,serial=d3661f9d-c7f7-42ff-aaf8-7a8b9c89cf26,cache=none,werror=stop,rerror=stop,aio=threads -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=27,id=hostnet0,vhost=on,vhostfd=28 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:16:3e:49:a2:90,bus=pci.0,addr=0x3 -chardev socket,id=charchannel0,path=/var/lib/libvirt/qemu/channels/5fa7c8be-e4f0-48c9-bacd-d09c5c06b058.com.redhat.rhevm.vdsm,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -chardev socket,id=charchannel1,path=/var/lib/libvirt/qemu/channels/5fa7c8be-e4f0-48c9-bacd-d09c5c06b058.org.qemu.guest_agent.0,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=org.qemu.guest_agent.0 -chardev socket,id=charchannel2,path=/var/lib/libvirt/qemu/channels/5fa7c8be-e4f0-48c9-bacd-d09c5c06b058.org.ovirt.hosted-engine-setup.0,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=3,chardev=charchannel2,id=channel2,name=org.ovirt.hosted-engine-setup.0 -chardev pty,id=charconsole0 -device virtconsole,chardev=charconsole0,id=console0 -vnc 0:0,password -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -msg timestamp=on

full sos report available here: https://bugzilla.redhat.com/attachment.cgi?id=1025737

Comment 1 Miroslav Grepl 2015-05-18 08:05:27 UTC

I believe it should be relabeled by libvirtd.

Comment 2 Miroslav Grepl 2015-05-18 08:25:35 UTC


*** This bug has been marked as a duplicate of bug 1221945 ***