Bug 1631788

Summary: SELinux prevents qemu-guest-agent from reading+locking the /run/utmp file [rhel-7.5.z]
Product: Red Hat Enterprise Linux 7 Reporter: Oneata Mircea Teodor <toneata>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: high Docs Contact: Mirek Jahoda <mjahoda>
Priority: high    
Version: 7.5CC: agajania, lvrabec, mgrepl, mjahoda, mmalik, mthacker, paulds, plautrba, redhat-bugzilla, rik.theys, robert.scheck, simon.jung, sirao, ssekidde, tgolembi, toneata, usurse, vmojzis, zpytela
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.13.1-192.el7_5.7 Doc Type: Bug Fix
Doc Text:
Previously, the SELinux security policy for the QEMU guest agent was too tight and certain rules were missing. As a consequence, the qemu-guest-agent process was not able to read and lock the /run/utmp file. With this update, the missing rules have been added to the policy, and qemu-guest-agent is now able to read and lock /run/utmp.
 Story Points: ---
Clone Of: 1571202 Environment:
Last Closed: 2018-11-06 16:16:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1571202    
Bug Blocks:    

Description Oneata Mircea Teodor 2018-09-21 14:54:45 UTC 
This bug has been copied from bug #1571202 and has been proposed to be backported to 7.5 z-stream (EUS).
Comment 7 errata-xmlrpc 2018-11-06 16:16:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3511