Bug 490305

Summary: SELinux denies multiple functions in VMware guest
Product: [Fedora] Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED RAWHIDE
Severity: medium
Priority: low
Reporter: Allen Kistler <ackistler>
Assignee: Daniel Walsh <dwalsh>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: dwalsh, jkubin, mgrepl
Target Milestone: ---
Target Release: ---
Doc Type: Bug Fix
Last Closed: 2009-03-16 15:20:02 UTC
Bug Depends On: 490252
Attachments (Description / Flags):
vmware-related AVC denial records from audit.log / none
vmware-related AVC denial records from audit.log / none

Description Allen Kistler 2009-03-15 03:20:31 UTC
Created attachment 335239
vmware-related AVC denial records from audit.log

Description of problem:
F11-Alpha running inside VMware Workstation has VMwareTools installed.  vmware-guestd, vmware-user, and a few other binaries running with context vmware_host_t get denied for lots of things by SELinux.

Version-Release number of selected component (if applicable):
selinux-policy-3.6.8-3.fc11

How reproducible:
Always

Steps to Reproduce:
1. Run vmware-tools from its init script, typically on boot
2. Look in the audit.log or the setroubleshoot browser
  
Actual results:
Lots of AVC denial records (see attachment)

Expected results:
No AVC denial records

Additional info:
Some of the type enforcement is additionally denied by constraints reported in Bug 490252.

The attachment includes only those things I've seen so far, of course.
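
Added example (not part of the original bug report or its attachment): one way to condense a long run of AVC denials for a single source domain, here vmware_host_t, into the distinct (command, target type, class) accesses that were denied. The log lines, the example_*_t type names and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format (NOT taken from the bug's attachment).
SAMPLE_LOG = """\
type=AVC msg=audit(1237087231.101:21): avc:  denied  { read } for  pid=1801 comm="vmware-guestd" name="example" dev=dm-0 ino=1001 scontext=system_u:system_r:vmware_host_t:s0 tcontext=system_u:object_r:example_a_t:s0 tclass=file
type=AVC msg=audit(1237087231.105:22): avc:  denied  { write } for  pid=1801 comm="vmware-guestd" name="example" dev=dm-0 ino=1001 scontext=system_u:system_r:vmware_host_t:s0 tcontext=system_u:object_r:example_a_t:s0 tclass=file
type=AVC msg=audit(1237087240.300:30): avc:  denied  { read write } for  pid=1922 comm="vmware-user" name="example0" dev=tmpfs ino=2002 scontext=system_u:system_r:vmware_host_t:s0-s0:c0.c1023 tcontext=system_u:object_r:example_b_t:s0 tclass=chr_file
type=AVC msg=audit(1237087241.000:31): avc:  denied  { search } for  pid=2000 comm="other-daemon" name="dir" dev=dm-0 ino=3003 scontext=system_u:system_r:example_other_t:s0 tcontext=system_u:object_r:example_a_t:s0 tclass=dir
type=SYSCALL msg=audit(1237087241.000:31): arch=40000003 syscall=5 success=no exit=-13 comm="other-daemon"
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def summarize_denials(log_text, source_type="vmware_host_t"):
    """Return {(comm, target_type, tclass): sorted perms} for denials from source_type."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. the paired SYSCALL record)
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
        try:
            # Context is user:role:type:level; the level may itself contain ':'.
            stype = fields["scontext"].split(":", 3)[2]
            ttype = fields["tcontext"].split(":", 3)[2]
            tclass = fields["tclass"]
        except (KeyError, IndexError):
            continue  # truncated or malformed record
        if stype != source_type:
            continue
        summary[(fields.get("comm", "?"), ttype, tclass)].update(m.group("perms").split())
    return {key: sorted(perms) for key, perms in summary.items()}

if __name__ == "__main__":
    for (comm, ttype, tclass), perms in sorted(summarize_denials(SAMPLE_LOG).items()):
        print(f"{comm}: {ttype}:{tclass} {{ {' '.join(perms)} }}")
```

Each summary line corresponds to one access that a policy update would have to allow or explicitly leave denied, which makes the list easier to review than the raw records.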

Comment 1 Allen Kistler 2009-03-15 16:51:25 UTC
Created attachment 335262
vmware-related AVC denial records from audit.log

Updated list of log records

Comment 2 Daniel Walsh 2009-03-16 15:20:02 UTC
Fixed in selinux-policy-3.6.9-2.fc11.noarch