Bug 184444

Summary: xend status can hardlock a system
Product: [Fedora] Fedora
Reporter: Brian Brock <bbrock>
Component: kernel-xen
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: 5
CC: bstein, wtogami
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2006-10-18 19:40:37 UTC
Bug Blocks: 179629    

Description Brian Brock 2006-03-08 21:09:08 UTC
`xend status` can repeatably hardlock a system.

kernel-xen0-2.6.15-1.2032_FC5
xen-3.0.1-3
libselinux-1.29.7-1.2
libselinux-python-1.29.7-1.2
selinux-policy-2.2.23-6
selinux-policy-targeted-2.2.23-6
audit-libs-python-1.1.5-1
audit-libs-1.1.5-1


Output from a sample session:

# setenforce 0
audit(timestamp): avc: granted { setenforce } for pid=2390 comm="setenforce"
scontext=root:system_r:unconfined_t:s0-s0:c0.c255
tcontext=system_u:object_r:security_t:s0 tclass=security
# xend status
# echo $?
3
# service xend status
audit(timestamp): avc: denied { read write } for pid=2397 comm="xend"
name="tty1" dev=tmpfs ino=1175 scontext=root:system_r:xend_t:s0
tcontext=object_r:tty_device_t:s0 tclass=chr_file
<hardlock>

Expected results:
No hardlock.
No selinux complaints after running `setenforce 0`
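
For triage of reports like this one, the AVC records in the session above can be reduced to the (source type, target type, class, permissions) tuples that a policy fix has to address. This is an added example, not part of the original report or of any Fedora tooling; the function names and the `_t` suffix heuristic for picking the type out of a context are assumptions.

```python
import re
from collections import defaultdict

# Sample input: the two audit records quoted in the report's session,
# kept with the line wrapping they have on the page.
SAMPLE = '''\
audit(timestamp): avc: granted { setenforce } for pid=2390 comm="setenforce"
scontext=root:system_r:unconfined_t:s0-s0:c0.c255
tcontext=system_u:object_r:security_t:s0 tclass=security
audit(timestamp): avc: denied { read write } for pid=2397 comm="xend"
name="tty1" dev=tmpfs ino=1175 scontext=root:system_r:xend_t:s0
tcontext=object_r:tty_device_t:s0 tclass=chr_file
'''

AVC_RE = re.compile(r'avc:\s+(granted|denied)\s+\{([^}]*)\}\s+for\s+(.*)', re.S)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def se_type(context):
    """Type field of a context. Heuristic (assumption): types end in _t, which
    also covers the report's three-field tcontext (object_r:tty_device_t:s0)."""
    for field in context.split(':'):
        if field.endswith('_t'):
            return field
    return context

def parse_avc(text):
    """Yield one dict per AVC record; a record may wrap over several lines."""
    # A new record starts at each "audit(" prefix; wrapped lines stay with it.
    for chunk in re.split(r'(?=audit\()', text):
        m = AVC_RE.search(chunk)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
        fields['result'] = m.group(1)
        fields['perms'] = m.group(2).split()
        yield fields

def denied_summary(text):
    """Group denied permissions by (source type, target type, class)."""
    summary = defaultdict(set)
    for rec in parse_avc(text):
        if rec['result'] == 'denied':
            key = (se_type(rec['scontext']), se_type(rec['tcontext']), rec['tclass'])
            summary[key].update(rec['perms'])
    return {k: sorted(v) for k, v in summary.items()}

if __name__ == '__main__':
    print(denied_summary(SAMPLE))
```
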

Comment 1 Brian Brock 2006-03-09 17:44:41 UTC
identical (aside from pid) "avc: denied" occurs when running `service xend start` with selinux enabled.

selinux-policy-2.2.23-11
selinux-policy-targeted-2.2.23-11
xen-3.0.1-4

Comment 3 Daniel Walsh 2006-05-09 21:01:26 UTC
fixed in selinux-policy-2.2.38-1.FC5.

Comment 4 Brian Brock 2006-06-14 15:09:10 UTC
fix verified

Comment 5 Brian Stein 2006-10-18 19:40:37 UTC
closing per comments above.