Bug 496867
Summary: | SELinux issue causing libvirtd launched dnsmasq to fail | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Alan Pevec <apevec> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED ERRATA | QA Contact: | BaseOS QE <qe-baseos-auto> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5.3 | CC: | ajia, atodorov, berrange, clalance, crobinso, dwalsh, jkubin, mgrepl, mmalik, ohudlick, veillard |
Target Milestone: | alpha | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | 484199 | Environment: | |
Last Closed: | 2009-09-02 07:58:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Alan Pevec
2009-04-21 14:04:39 UTC
Fixed in selinux-policy-2.4.6-226.el5 > Can you add /var/run/libvirt/network to the libvirt spec file
# rpm -q libvirt
libvirt-0.6.2-1.el5.x86_64
# rpm -qf /var/run/libvirt/network/
file /var/run/libvirt/network is not owned by any package
This is in Fedora but not in RHEL5 spec:
%dir %{_localstatedir}/run/libvirt/network/
w.r.t. #2 I will add this when I push libvirt 0.6.3 on Friday, thanks for the heads-up ! Daniel libvirt-0.6.3-1.el5 has been built into dist-5E-qu-candidate and should fix the issue: shell:/mnt/redhat/brewroot/packages/libvirt/0.6.3/1.el5 -> rpm -qlp ./x86_64/libvirt-0.6.3-1.el5.x86_64.rpm | grep run/libvirt/network /var/run/libvirt/network shell:/mnt/redhat/brewroot/packages/libvirt/0.6.3/1.el5 -> Daniel Hi, with selinux-policy-2.4.6-229.el5 # rpm -qf /var/run/libvirt/network/ libvirt-0.6.3-2.el5 I still see this issue: avc: denied { search } for pid=20643 comm="dnsmasq" name="libvirt" dev=dm-0 ino=21856268 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:virt_var_run_t:s0 tclass=dir type=SYSCALL msg=audit(1241787018.083:43): arch=40000003 syscall=5 success=no exit=-13 a0=94438a8 a1=8241 a2=1b6 a3=9448878 items=0 ppid=20642 pid=20643 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dnsmasq" exe="/usr/sbin/dnsmasq" subj=system_u:system_r:dnsmasq_t:s0 key=(null) I'm running virt-manager in GUI mode. Fixed in selinux-policy-2.4.6-232.el5 An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1242.html |