Bug 499551
| Summary: | AVC denial from virsh dominfo - libvirtd (virtd_t) "getattr" svirt_t. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Charles Rose <charles_rose> | ||||
| Component: | libvirt | Assignee: | Daniel Veillard <veillard> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | rawhide | CC: | berrange, clalance, crobinso, dwalsh, itamar, markmc, veillard, virt-maint, wwlinuxengineering | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2009-05-07 14:25:29 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 480594 | ||||||
| Attachments: |
|
||||||
Could be from looking at /proc/$pid/stat ? Fixed in selinux-policy-3.6.12-31.fc11.noarch |
Created attachment 342776 [details] SELinux alert message Description of problem: Running: # virsh dominfo vfedora11 Id: 5 Name: vfedora11 UUID: b364fa20-349e-e604-94b5-40ca98952b04 OS Type: hvm State: running CPU(s): 1 CPU time: 10.9s Max memory: 524288 kB Used memory: 524288 kB Autostart: disable Security model: selinux Security DOI: 0 Security label: system_u:system_r:svirt_t:s0:c413,c668 (enforcing) shows the domaininfo, but also results in an AVC denial: SELinux is preventing libvirtd (virtd_t) "getattr" svirt_t. Version-Release number of selected component (if applicable): libvirt-0.6.2-4.f11.x86_64 selinux-policy-targetted-3.6.12-28.fc11.noarch How reproducible: Occurs the first three times "virsh dominfo" is run. Restarting libvirtd and running "virsh dominfo" causes the issue to happen again. Steps to Reproduce: 1. Install Fedora Rawhide (7 May) with libvirt 2. Create a fedora 11 beta vm. 3. Run # virsh dominfo vfedora11 Actual results: virsh shows the domain info Expected results: virsh shows the domain info, but an SELinux alert is seen. Additional info: SELinux alert attached.