Bug 233777
Summary: virt-manager: abort at virDomainCreateLinux() due to AVC denied

| Field | Value |
|---|---|
| Product | [Fedora] Fedora |
| Component | selinux-policy |
| Version | rawhide |
| Hardware | All |
| OS | Linux |
| Status | CLOSED CURRENTRELEASE |
| Severity | medium |
| Priority | medium |
| Reporter | ericm24x7 |
| Assignee | Daniel Walsh <dwalsh> |
| QA Contact | Ben Levenson <benl> |
| CC | dwalsh |
| Fixed In Version | Current |
| Doc Type | Bug Fix |
| Last Closed | 2007-08-22 14:17:28 UTC |

Description
ericm24x7
2007-03-24 23:10:51 UTC
Created attachment 150837
output of AVC denied {tapdisk}
Created attachment 150838
AVC denied output: xen-hotplug-cle (udev_t)
Created attachment 150839
AVC denied output: xen read to config.sxp

In the future please add three different Bugzillas and attach them to the package, not to SELinux, and cc me if you would.

The first one is a bug in policy, which should allow xend to read symbolic links labeled xen_device_t.

The second one I am not sure why udev would want to read xend_log_t.

The third bugzilla looks like a mislabeled config.sxp. This should not be labeled tmp_t. Running restorecon config.sxp would probably fix it. Not sure what this file is and how it was created, but if it was created in /tmp and then mv'd somewhere it could have the wrong context on it.

"The second one I am not sure why udev would want to read xend_log_t."

I'm not sure either, but I saw a machine yesterday where all sorts of scripts under /etc/xen/scripts (all labeled bin_t) were being called and running in the udev_t domain. A search of ps -efZ | grep udev only showed one process running as udev_t (udev). Does udev now call xen scripts for some reason and didn't use to?

Fixed in selinux-policy-2.5.11-8.fc7

Should be fixed in the current release
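
The triage made in the first reply above (policy gap versus mislabeled file) can be automated over raw AVC records. This is an added example, not part of the original bug report or its attachments: the log lines are constructed to mirror the three denials described, and the set of "generic" types is a heuristic assumed for this sketch.

```python
import re

# Constructed audit.log lines modelled on the three denials discussed above;
# pids, inodes, timestamps and the first two file names are made up.
SAMPLE_LOG = """\
type=AVC msg=audit(1174777851.101:41): avc:  denied  { read } for  pid=2301 comm="tapdisk" name="xvda" dev=tmpfs ino=9001 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:xen_device_t:s0 tclass=lnk_file
type=AVC msg=audit(1174777851.202:42): avc:  denied  { read } for  pid=2310 comm="xen-hotplug-cle" name="xen-hotplug.log" dev=dm-0 ino=9002 scontext=system_u:system_r:udev_t:s0 tcontext=system_u:object_r:xend_log_t:s0 tclass=file
type=AVC msg=audit(1174777851.303:43): avc:  denied  { read } for  pid=2320 comm="xend" name="config.sxp" dev=dm-0 ino=9003 scontext=system_u:system_r:xend_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
"""

# Target types that usually mean "created elsewhere and moved" or "never
# labeled" (heuristic assumed for this example; tmp_t is the one in the bug).
GENERIC_TYPES = {"tmp_t", "file_t", "default_t", "unlabeled_t"}

def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if not m:
        return None
    kv = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line[m.end():]))
    if not {"scontext", "tcontext", "tclass"} <= kv.keys():
        return None
    return {
        "perms": m.group(1).split(),
        "comm": kv.get("comm", "").strip('"'),
        "name": kv.get("name", "").strip('"'),
        # SELinux contexts are user:role:type[:level]; the type is field 3.
        "stype": kv["scontext"].split(":")[2],
        "ttype": kv["tcontext"].split(":")[2],
        "tclass": kv["tclass"],
    }

def triage(line):
    """Classify a denial as a probable mislabel or a policy question."""
    d = parse_avc(line)
    if d is None:
        return None
    if d["ttype"] in GENERIC_TYPES:
        d["verdict"] = "relabel"
        d["hint"] = "check 'ls -Z' on %s, then restorecon it" % d["name"]
    else:
        d["verdict"] = "policy"
        d["hint"] = "%s lacks %s on %s:%s" % (
            d["stype"], ",".join(d["perms"]), d["ttype"], d["tclass"])
    return d

def triage_log(text):
    """Triage every AVC denial in a block of audit log text."""
    return [d for d in map(triage, text.splitlines()) if d]
```

A "relabel" verdict is only a prompt to inspect the file: tmp_t is the correct label for a file that really lives in /tmp, and the audit record carries only the base name, so the path has to be confirmed on the host.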