Bug 446552

Summary: SELinux is preventing /sbin/losetup (fsadm_t) "append" to /var/run/xen-hotplug/block (udev_var_run_t).
Product: Red Hat Enterprise Linux 5
Reporter: Rahadi Kurniawan <rahadikurniawan>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE
Severity: low
Priority: low
Version: 5.1
CC: keith.schincke
Target Milestone: rc
Hardware: x86_64
OS: Linux
Fixed In Version: u2
Doc Type: Bug Fix
Last Closed: 2008-05-23 19:34:04 UTC

Description Rahadi Kurniawan 2008-05-15 02:14:35 UTC
Description of problem:
SELinux is preventing /sbin/losetup (fsadm_t) "append" to
/var/run/xen-hotplug/block (udev_var_run_t).

Version-Release number of selected component (if applicable):
Source Context:  system_u:system_r:fsadm_t:SystemLow-SystemHigh
Target Context:  system_u:object_r:udev_var_run_t
Target Objects:  /var/run/xen-hotplug/block [ file ]
Affected RPM Packages:  util-linux-2.13-0.45.el5 [application]
Policy RPM:  selinux-policy-2.4.6-104.el5
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.catchall_file
Host Name:  host.domain.com
Platform:  Linux host.domain.com 2.6.18-53.el5xen #1 SMP Mon Nov 12 02:46:57 EST 2007 x86_64 x86_64
Alert Count:  261
Line Numbers:

Raw Audit Messages:
avc: denied { append } for comm="losetup" dev=sda3 egid=0 euid=0 exe="/sbin/losetup" exit=0 fsgid=0 fsuid=0 gid=0 items=0 path="/var/run/xen-hotplug/block" pid=5435 scontext=system_u:system_r:fsadm_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:fsadm_t:s0-s0:c0.c1023 suid=0 tclass=file tcontext=system_u:object_r:udev_var_run_t:s0 tty=(none) uid=0

Steps to Reproduce:
1. Run CentOS on Xen

Comment 1 Rahadi Kurniawan 2008-05-15 02:15:17 UTC
The guest OS is CentOS 5.1.

Comment 2 Daniel Walsh 2008-05-15 18:40:25 UTC
I think this is fixed in the u2 policy.

A preview is up at

http://people.redhat.com/dwalsh/SELinux/RHEL5

Comment 3 K Schincke 2008-05-23 03:28:10 UTC
Daniel,

I have updated my policy (106) to the 137 release. I am now able to create a
full virt DomU to a disk image file. 

Good work

Keith