Bug 1276873
Summary: | SELinux is preventing qemu-system-x86 from 'read' accesses on the file c189:15. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Francesco Frassinelli (frafra) <fraph24> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 23 | CC: | davestux, dominick.grift, dwalsh, edouard, firewalkergr, javiertury, jfrieben, juliux.pigface, lnie, lucacolferai, lvrabec, mgrepl, mike, paulo.fidalgo.pt, plautrba, sheepdestroyer, v |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:ffcdb9988f16f8a88ff74a11029de7affefeac0f779825f0f0aec5a4e34acee0;VARIANT_ID=workstation; | ||
Fixed In Version: | selinux-policy-3.13.1-158.24.fc23 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-09-29 22:52:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Francesco Frassinelli (frafra)
2015-10-31 19:22:39 UTC
Description of problem: After upgrading from Fedora 22 to 23, USB smartcard redirection is no longer working. It still possible to redirect the device manually from the virtual machine manager, but redirection saved in the machine configuration doesn't work. Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.7-300.fc23.x86_64 type: libreport Description of problem: I encounter this issue when redirecting (and performing the boot) with an usb-key, redirected from the host to the qemu-kvm guest. Version-Release number of selected component: selinux-policy-3.13.1-158.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.3.3-300.fc23.x86_64 type: libreport Description of problem: tried to boot a vm from a usb stick on the host Version-Release number of selected component: selinux-policy-3.13.1-158.2.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.3.3-303.fc23.x86_64 type: libreport Description of problem: Added host USB device in Virt-Manager Version-Release number of selected component: selinux-policy-3.13.1-158.4.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.3.5-300.fc23.x86_64 type: libreport Description of problem: First, I've got a Logitech C310 webcam, which works on a Linux host flawlessly. Next, I "plug" it into my Windows 10 virtual machine by adding a new USB host device, vía virt-manager GUI. When I start the virtual machine, with the command "sudo virsh start win10", this error pops up. Windows 10 doesn't detect my webcam, even with the official drivers installed. Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.2-301.fc23.x86_64 type: libreport Description of problem: I added an hos usb device but selinux is denying access. Version-Release number of selected component: selinux-policy-3.13.1-158.9.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.3-300.fc23.x86_64 type: libreport Description of problem: start a virtual machine (Win 7) get this message. from SELinux I guess accessing USB ports should be an issue Version-Release number of selected component: selinux-policy-3.13.1-158.9.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.5-300.fc23.x86_64 type: libreport Description of problem: everytime the virtual machine is started, even the policy has been executed many times... Version-Release number of selected component: selinux-policy-3.13.1-158.14.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.6-301.fc23.x86_64 type: libreport *** Bug 1330809 has been marked as a duplicate of this bug. *** Description of problem: try to add a usb device with virt-manager Version-Release number of selected component: selinux-policy-3.13.1-158.14.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.8-300.fc23.x86_64 type: libreport Description of problem: I started a Fedora 24 virtual guest with activated VirGL 3D support after updating to selinux-policy-3.13.1-191.13.fc24 and fully relabelling the file system. Version-Release number of selected component: selinux-policy-3.13.1-191.13.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.7-300.fc24.x86_64 type: libreport Description of problem: Assigning USB device to a VM Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.6-300.fc24.x86_64 type: libreport (In reply to Rubén Lledó from comment #5) > Description of problem: > First, I've got a Logitech C310 webcam, which works on a Linux host > flawlessly. Next, I "plug" it into my Windows 10 virtual machine by adding a > new USB host device, vía virt-manager GUI. When I start the virtual machine, > with the command "sudo virsh start win10", this error pops up. Windows 10 > doesn't detect my webcam, even with the official drivers installed. > > > Additional info: > reporter: libreport-2.6.4 > hashmarkername: setroubleshoot > kernel: 4.4.2-301.fc23.x86_64 > type: libreport As long as I'm concerned, It's was solved after upgrading to Fedora 25 (In reply to Rubén Lledó from comment #13) > (In reply to Rubén Lledó from comment #5) > > Description of problem: > > First, I've got a Logitech C310 webcam, which works on a Linux host > > flawlessly. Next, I "plug" it into my Windows 10 virtual machine by adding a > > new USB host device, vía virt-manager GUI. When I start the virtual machine, > > with the command "sudo virsh start win10", this error pops up. Windows 10 > > doesn't detect my webcam, even with the official drivers installed. > > > > > > Additional info: > > reporter: libreport-2.6.4 > > hashmarkername: setroubleshoot > > kernel: 4.4.2-301.fc23.x86_64 > > type: libreport > > As long as I'm concerned, It's was solved after upgrading to Fedora 25 Fedora 24 (In reply to Rubén Lledó from comment #14) > (In reply to Rubén Lledó from comment #13) > > (In reply to Rubén Lledó from comment #5) > > > Description of problem: > > > First, I've got a Logitech C310 webcam, which works on a Linux host > > > flawlessly. Next, I "plug" it into my Windows 10 virtual machine by adding a > > > new USB host device, vía virt-manager GUI. When I start the virtual machine, > > > with the command "sudo virsh start win10", this error pops up. Windows 10 > > > doesn't detect my webcam, even with the official drivers installed. > > > > > > > > > Additional info: > > > reporter: libreport-2.6.4 > > > hashmarkername: setroubleshoot > > > kernel: 4.4.2-301.fc23.x86_64 > > > type: libreport > > > > As long as I'm concerned, It's was solved after upgrading to Fedora 25 > > Fedora 24 Using Fedora 24 and the bug is still around. It's more similar to the following bug which was closed as a duplicate of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=1330809 SELinux is preventing qemu-system-x86 from read access on the file +usb:2-1:1.0. Additional Information: Source Context system_u:system_r:svirt_t:s0:c334,c860 Target Context system_u:object_r:udev_var_run_t:s0 Target Objects +usb:2-1:1.0 [ file ] Source qemu-system-x86 Source Path qemu-system-x86 Port <Unknown> Host localhost.localdomain Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-191.14.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 4.7.2-201.fc24.x86_64 #1 SMP Fri Aug 26 15:58:40 UTC 2016 x86_64 x86_64 Alert Count 14 First Seen 2016-09-11 08:45:29 CEST Last Seen 2016-09-11 08:45:29 CEST Local ID d5b309c6-7dec-45e4-8acf-25d90d1b1de8 Raw Audit Messages type=AVC msg=audit(1473576329.938:1227): avc: denied { read } for pid=19292 comm="qemu-system-x86" name="+usb:2-1:1.0" dev="tmpfs" ino=17706 scontext=system_u:system_r:svirt_t:s0:c334,c860 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0 selinux-policy-3.13.1-158.24.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f739cc7524 selinux-policy-3.13.1-158.24.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f739cc7524 selinux-policy-3.13.1-158.24.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |