Bug 249397

Summary: SELinux interaction with VMware
Product: [Other] Security Response Reporter: Tony Camuso <tcamuso>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CANTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecified   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-10-29 20:06:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tony Camuso 2007-07-24 13:01:22 UTC 
Description of problem:

Cannot mount hgfs disks or USB jump drives on Linux guest running on XP host in
VMware player. 

The following alerts were issued and the drives were not mounted. 

SELinux is preventing /sbin/ifconfig (ifconfig_t) "read" to
/var/run/vmware-active-nics (initrc_var_run_t).

SELinux denied access requested by /sbin/ifconfig. It is not expected that this
access is required by /sbin/ifconfig and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /var/run/vmware-active-nics, restorecon -v
/var/run/vmware-active-nics If this does not work, there is currently no
automatic way to allow this access. Instead, you can generate a local policy
module to allow this access - see FAQ Or you can disable SELinux protection
altogether. Disabling SELinux protection is not recommended. Please file a bug
report against this package.


Version-Release number of selected component (if applicable):


How reproducible:
Every boot


Steps to Reproduce:
1. Boot fedora guest with 2.6.22.1-27.fc7 kernel on XP host. 
2.
3.
  
Actual results:

The above alerts. 

Expected results:

No alerts. 

Additional info:
Comment 1 Tony Camuso 2007-10-29 20:06:31 UTC 
VMWARE has informed me that they do not support Fedora guests.