Bug 454047
Summary: | SELinux is preventing libvirtd (virtd_t) "getsched" to <Unknown> (virtd_t) & (qemu_t) | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Lawrence Lim <llim> | ||||||
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | low | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | 9 | CC: | desktop-bugs, jkubin, petrosyan, tools-bugs | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | selinux-policy-3.3.1-78.fc9.noarch | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2008-08-13 04:36:04 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Lawrence Lim
2008-07-04 05:03:11 UTC
Created attachment 310991 [details]
alert against virtd_t
Created attachment 310992 [details]
alert to qemu_t
I think this really need to be fixed in the SELinux policies, and since Ovirt is based on Fedora, that's should be in the Fedora Component. I doubt it should be processed in the isolation of the Virtualization tools components. So reassigning, Daniel This is on Fedora 9 This is definitely fixed in selinux-policy-3.3.1-76.fc9 if not earlier. Please update to the latest SELinux policy. I also have a getsched avc denial for libvirtd, (also qemu), slightly different error.. [root@macmini ~]# date Fri Jul 25 11:52:16 EST 2008 [root@macmini ~]# rpm -q selinux-policy selinux-policy-3.3.1-78.fc9.noarch -- meanwhile virt-manager is run and a prebuilt domain is attempted to be started -- [root@macmini ~]# tail -f /var/log/messages -n 5 Jul 25 11:51:55 macmini kernel: virbr0: port 1(vnet0) entering disabled state Jul 25 11:51:55 macmini kernel: device vnet0 left promiscuous mode Jul 25 11:51:55 macmini kernel: virbr0: port 1(vnet0) entering disabled state Jul 25 11:51:55 macmini setroubleshoot: SELinux is preventing libvirtd (virtd_t) "getsched" to <Unknown> (virtd_t). For complete SELinux messages. run sealert -l 575aa5fe-4e1d-4658-b018-0c3c30a775a7 Jul 25 11:52:15 macmini wmealing: test-test Jul 25 11:52:32 macmini kernel: device vnet0 entered promiscuous mode Jul 25 11:52:32 macmini kernel: virbr0: port 1(vnet0) entering listening state Jul 25 11:52:32 macmini kernel: kvm: guest NX capability removed Jul 25 11:52:32 macmini kernel: kvm: guest NX capability removed Jul 25 11:52:32 macmini kernel: virbr0: port 1(vnet0) entering disabled state Jul 25 11:52:32 macmini kernel: device vnet0 left promiscuous mode Jul 25 11:52:32 macmini kernel: virbr0: port 1(vnet0) entering disabled state Jul 25 11:52:32 macmini setroubleshoot: SELinux is preventing libvirtd (virtd_t) "getsched" to <Unknown> (virtd_t). For complete SELinux messages. run sealert -l 575aa5fe-4e1d-4658-b018-0c3c30a775a7 [root@macmini ~]# date Fri Jul 25 11:52:45 EST 2008 Please send me the complete output from the sealert command Updated to selinux-policy-3.3.1-78.fc9.noarch, verified this issue has been fixed. |