Bug 452765
Summary: | SELinux is preventing iptables (iptables_t) "read write" to /proc/xen/privcmd | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Martin Jürgens <ma> |
Component: | xen | Assignee: | Xen Maintainance List <xen-maint> |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 5.2 | CC: | clalance, djuran, dwalsh, mrezanin, sghosh, xen-maint |
Target Milestone: | rc | ||
Target Release: | 5.6 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-10-20 11:15:40 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 514500 |
Description
Martin Jürgens
2008-06-24 21:33:00 UTC
Reassigning to selinux-policy-targeted

This is not a selinux-policy problem. This is a leaked file descriptor in xen. iptables is not looking at /proc/xen/privcmd, xend is and is leaking this when it executes iptables. It should close fd's when it executes other apps.

fcntl(fd, F_SETFD, FD_CLOEXEC);

Martin, you can write custom policy to make this error disappear by executing

# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp

Hi Martin, can you write down some situation when the message appears? I'm not able to reproduce it.

sorry. can't remember. using kvm now :(

As there's no known scenario for this problem, closing this bz. If you reproduce it feel free to reopen it.
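The failure mode discussed in the comments, shown as an added example that is not code from this bug report or from xen: a daemon holds a privileged descriptor open, execs a helper (iptables in the report), and the helper inherits that descriptor unless it was marked close-on-exec. The example uses /dev/null as a stand-in for /proc/xen/privcmd and runs /bin/sh -c "test -e /proc/self/fd/N" as a stand-in for the exec'd helper; both are assumptions of this example, as is the use of /proc to observe the child's descriptor table. It also shows the O_CLOEXEC open flag, which closes the race between open() and a later fcntl() on systems that support it.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if fd carries FD_CLOEXEC, 0 if it does not, -1 if fd is not open. */
int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* The fix named in the comment: mark fd close-on-exec, preserving any
 * other descriptor flags. Returns 0 on success, -1 on error. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Preferred where available: ask for close-on-exec atomically at open
 * time, so there is no window in which a concurrent fork+exec in another
 * thread can inherit the descriptor. Returns 1 if the resulting fd has
 * FD_CLOEXEC set, 0 if not, -1 if the open fails. */
int open_cloexec_check(void)
{
    int fd = open("/dev/null", O_RDWR | O_CLOEXEC);  /* stand-in for the device (assumption) */
    if (fd < 0)
        return -1;
    int rc = fd_is_cloexec(fd);
    close(fd);
    return rc;
}

/* Fork and exec a child that tests whether descriptor number fd is still
 * present in its own table, via /proc/self/fd. Returns 1 if the child
 * inherited it, 0 if exec closed it, -1 if the check cannot run
 * (/proc not mounted, /bin/sh missing, fork failure). */
int fd_survives_exec(int fd)
{
    if (access("/proc/self/fd", F_OK) != 0)
        return -1;
    char cmd[64];
    snprintf(cmd, sizeof cmd, "test -e /proc/self/fd/%d", fd);
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);  /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code == 0 ? 1 : (code == 1 ? 0 : -1);
}

/* Walk through the leak and the fix on one descriptor. Returns 2 when the
 * descriptor is observed in the child before the fix and absent after it,
 * 1 when the exec-based check cannot run on this system, -1 when the
 * observed behaviour contradicts expectations. */
int run_demo(void)
{
    int fd = open("/dev/null", O_RDWR);  /* opened without O_CLOEXEC, as a daemon might */
    if (fd < 0)
        return -1;
    if (fd_is_cloexec(fd) != 0) { close(fd); return -1; }
    int before = fd_survives_exec(fd);
    if (before < 0) { close(fd); return 1; }
    if (set_cloexec(fd) != 0 || fd_is_cloexec(fd) != 1) { close(fd); return -1; }
    int after = fd_survives_exec(fd);
    close(fd);
    if (after < 0)
        return 1;
    return (before == 1 && after == 0) ? 2 : -1;
}

int main(void)
{
    int rc = run_demo();
    printf("demo result: %d (2 = leak seen, then closed by FD_CLOEXEC)\n", rc);
    printf("O_CLOEXEC at open: %d\n", open_cloexec_check());
    return rc < 0 ? 1 : 0;
}
```

When the leaked descriptor is a privileged device, the inherited copy is what the audit log attributes to the helper's domain (iptables_t here), which is why the SELinux denial names iptables even though iptables never opens the file itself; closing the descriptor before exec, or opening it with O_CLOEXEC, removes the denial without loosening policy.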