Bug 161195

Summary: xend conflicts with selinux (targeted) when booting file-backed domains
Product: [Fedora] Fedora
Reporter: Nils Toedtmann <bugzilla.redhat.com>
Component: xen
Assignee: Rik van Riel <riel>
Status: CLOSED RAWHIDE
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: 4
CC: sct
Target Milestone: ---
Target Release: ---
Hardware: i386
OS: Linux
Fixed In Version:
Doc Type: Bug Fix
Last Closed: 2006-02-24 15:11:25 EST
Attachment: dmesg full of selinux denies after "xm create" (Flags: none)

Description Nils Toedtmann 2005-06-21 05:53:59 EDT
Description of problem: 
  Since I upgraded FC3-->FC4, I cannot boot file-backed xen domUs when selinux
  (targeted policy) is active. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
  [setenforce 1]
  xm create $domain-config

Actual results:
  [root@crusher ~]# xm create -c bering
  Using config file "/etc/xen/bering".
  Error: Error creating domain: vbd: Segment not found:

  [root@crusher ~]# dmesg
  # see attachment.

Expected results:
  The domain "bering" boots

Additional info:
  If I want to boot a file-backed domain ("disk: ['file:...' ]"), I have two
  workarounds: disabling selinux ("setenforce 0") or changing the domain's config
  file from

    disk = [ 'file:/var/bering.ext2,hda1,w' ]

  to

    disk = [ 'phy:/dev/loop0,hda1,w' ]

  and doing the "losetup /dev/loop0 /var/bering.ext2" myself before the 
  "xm create". I still get lots of selinux denies, but it nevertheless works,
  including networking.

  As the manual "losetup" failed too, due to selinux denies, before I upgraded 
  today to selinux-policy-targeted-1.23.18-12, I thought this is bug #160755,
  but now the manual losetup works while the xend-automated losetup fails. So 
  I set up this bug report.
Comment 1 Nils Toedtmann 2005-06-21 05:54:00 EDT
Created attachment 115741
dmesg full of selinux denies after "xm create"
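
A way to triage a dmesg full of AVC denials like the one attached here, as an added example that is not part of the original report or of the Xen/Fedora tooling: it groups denials by source SELinux type and command, which separates what a daemon-spawned `losetup` is refused from what a manually run one is allowed. The sample lines, SELinux types and inode numbers are constructed placeholders, not values from attachment 115741.

```python
import re
from collections import Counter

# Constructed sample in kernel AVC format; the SELinux types and inode
# numbers are placeholders, not values from the bug's dmesg attachment.
SAMPLE_DMESG = """\
audit(1119347639.342:0): avc:  denied  { read write } for  pid=2345 comm=losetup name=bering.ext2 dev=hda3 ino=4711 scontext=root:system_r:xend_t tcontext=root:object_r:var_t tclass=file
audit(1119347639.350:0): avc:  denied  { read write } for  pid=2345 comm=losetup name=loop0 dev=tmpfs ino=812 scontext=root:system_r:xend_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1119347640.101:0): avc:  denied  { read } for  pid=2350 comm="python" name=bering dev=hda3 ino=4712 scontext=root:system_r:xend_t:s0 tcontext=root:object_r:etc_t:s0 tclass=file
eth0: link up, 100Mbps, full-duplex
audit(1119347641.007:0): avc:  denied  { read write } for  pid=2361 comm=losetup name=loop0 dev=tmpfs ino=812 scontext=root:system_r:xend_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # comm may be quoted or bare


def ctx_type(ctx):
    """A context is user:role:type[:level]; return the type field."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None  # truncated record, nothing reliable to group on
    rec["perms"] = tuple(m.group("perms").split())
    rec["stype"] = ctx_type(rec["scontext"])
    rec["ttype"] = ctx_type(rec["tcontext"])
    return rec


def summarize(text):
    """Count denials per (source type, command, target type, class, perms)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, text.splitlines())):
        counts[(rec["stype"], rec.get("comm", "?"), rec["ttype"],
                rec["tclass"], rec["perms"])] += 1
    return counts


if __name__ == "__main__":
    for (stype, comm, ttype, tclass, perms), n in summarize(SAMPLE_DMESG).most_common():
        print(f"{n:3d}  {stype} ({comm}) -> {ttype}:{tclass} {{ {' '.join(perms)} }}")
```

Feeding it the real output of `dmesg` in place of `SAMPLE_DMESG` gives one line per distinct denial, most frequent first.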
Comment 2 Stephen Tweedie 2006-01-24 18:32:18 EST
On current rawhide, this should work OK --- can you please test if the problem
persists?  Thanks.
Comment 3 Brian Stein 2006-02-24 15:11:25 EST
Should currently work upstream; please re-open if the issue persists.