Bug 458647
Summary: | can't run virt-manager as non-root user | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Juran <djuran> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 9 | CC: | rvokal |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-11-17 22:05:30 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Juran
2008-08-11 10:43:51 UTC
# audit2allow -M mypol -l -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.3.1-85.fc9.noarch With selinux-policy-3.3.1-85.fc9 I'm getting a slightly different error: [root@lunkyzard ~]# sealert -l ad613644-5f8d-4983-b07a-00246545dcdd Summary: SELinux is preventing polkit-resolve- (polkit_resolve_t) "getattr" to <Unknown> (virtd_t). Detailed Description: SELinux denied access requested by polkit-resolve-. It is not expected that this access is required by polkit-resolve- and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:polkit_resolve_t:s0 Target Context system_u:system_r:virtd_t:s0 Target Objects None [ process ] Source polkit-resolve- Source Path /usr/libexec/polkit-resolve-exe-helper Port <Unknown> Host lunkyzard.netact.noklab.net Source RPM Packages PolicyKit-0.8-2.fc9 Target RPM Packages Policy RPM selinux-policy-3.3.1-85.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name lunkyzard.netact.noklab.net Platform Linux lunkyzard.netact.noklab.net 2.6.25.14-108.fc9.x86_64 #1 SMP Mon Aug 4 13:46:35 EDT 2008 x86_64 x86_64 Alert Count 2 First Seen Wed Aug 13 17:38:52 2008 Last Seen Wed Aug 13 17:47:43 2008 Local ID ad613644-5f8d-4983-b07a-00246545dcdd Line Numbers Raw Audit Messages host=lunkyzard.netact.noklab.net type=AVC msg=audit(1218638863.689:39): avc: denied { getattr } for pid=4265 comm="polkit-resolve-" scontext=system_u:system_r:polkit_resolve_t:s0 tcontext=system_u:system_r:virtd_t:s0 tclass=process host=lunkyzard.netact.noklab.net type=SYSCALL msg=audit(1218638863.689:39): arch=c000003e syscall=0 success=no exit=-13 a0=4 a1=aeb2a0 a2=fff a3=0 items=0 ppid=3426 pid=4265 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="polkit-resolve-" exe="/usr/libexec/polkit-resolve-exe-helper" subj=system_u:system_r:polkit_resolve_t:s0 key=(null) Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed. |