Bug 1277721
| Summary: | SELinux is preventing brctl from 'write' accesses on the file /var/lib/libvirt/libxl/save/s0.save. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | sudikeru |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 22 | CC: | crobinso, dominick.grift, dwalsh, lvrabec, mgrepl, plautrba, sudikeru |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:1444978c1d8fda6f50a4611a20a247a7cb4bd926809ce3e1184feafdd77d5b4c;VARIANT_ID=workstation; | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-04-14 16:05:12 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Is functionality of libvird broken? Despite multiple attempts across multiple bugs sudikeru hasn't responded to NEEDINFO and infact the mail address bounces. Closing this as INSUFFICIENT_DATA |
Description of problem: Start Fedora 22 SELinux is preventing brctl from 'write' accesses on the file /var/lib/libvirt/libxl/save/s0.save. ***** Plugin catchall (100. confidence) suggests ************************** If вы считаете, что brctl следует разрешить доступ write к s0.save file по умолчанию. Then рекомендуется создать отчет об ошибке. Чтобы разрешить доступ, можно создать локальный модуль политики. Do чтобы разрешить доступ, выполните: # grep brctl /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:brctl_t:s0-s0:c0.c1023 Target Context system_u:object_r:virt_var_lib_t:s0 Target Objects /var/lib/libvirt/libxl/save/s0.save [ file ] Source brctl Source Path brctl Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-128.16.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.2.3-200.fc22.x86_64 #1 SMP Thu Oct 8 03:23:55 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-10-28 22:12:28 MSK Last Seen 2015-10-28 22:12:28 MSK Local ID a8a08436-efcc-4bd6-8da5-277599e437de Raw Audit Messages type=AVC msg=audit(1446059548.203:936): avc: denied { write } for pid=11050 comm="brctl" path="/var/lib/libvirt/libxl/save/s0.save" dev="sda12" ino=791915 scontext=system_u:system_r:brctl_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_var_lib_t:s0 tclass=file permissive=0 Hash: brctl,brctl_t,virt_var_lib_t,file,write Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport