Bug 517621
| Summary: | SELinux prevented pt_chown from using the terminal 3. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Sascha Thomas Spreitzer <sascha> |
| Component: | kvm | Assignee: | Glauber Costa <gcosta> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | 11 | CC: | berrange, clalance, ehabkost, gcosta, markmc, quintela, virt-maint |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-08-18 10:46:58 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Thanks for the report Please try https://admin.fedoraproject.org/updates/F11/FEDORA-2009-8536 from updates-testing *** This bug has been marked as a duplicate of bug 515521 *** |
Description of problem: SELinux prevented pt_chown from using the terminal 3. SELinux prevented pt_chown from using the terminal 3. In most cases daemons do not need to interact with the terminal, usually these avc messages can be ignored. All of the confined daemons should have dontaudit rules around using the terminal. Please file a bug report against this selinux-policy. If you would like to allow all daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean. Version-Release number of selected component (if applicable): [~]$ rpm -qa|grep -i kvm qemu-kvm-0.10.5-3.fc11.x86_64 etherboot-zroms-kvm-5.4.4-16.fc11.noarch [~]$ rpm -qa|grep -i virt libvirt-0.6.2-13.fc11.x86_64 virt-viewer-0.0.3-6.fc11.x86_64 python-virtinst-0.400.3-8.fc11.noarch virt-manager-0.7.0-5.fc11.x86_64 virt-top-1.0.3-4.fc11.x86_64 libvirt-python-0.6.2-13.fc11.x86_64 [~]$ rpm -qa|grep -i selinux libselinux-2.0.80-1.fc11.x86_64 libselinux-debuginfo-2.0.80-1.fc11.x86_64 libselinux-2.0.80-1.fc11.i586 libselinux-devel-2.0.80-1.fc11.x86_64 selinux-policy-3.6.12-72.fc11.noarch libselinux-python-2.0.80-1.fc11.x86_64 libselinux-utils-2.0.80-1.fc11.x86_64 selinux-policy-targeted-3.6.12-72.fc11.noarch How reproducible: Everytime powering on a VM. Steps to Reproduce: 1. Start libvirtd 2. Open virt-manager 3. Open VM 4. Start VM Actual results: SElinux prevents VM from powering on. Expected results: VM should start. Additional info: Setting the recommended persistent sebool does NOT work! -> [~]$ getsebool allow_daemons_use_tty allow_daemons_use_tty --> on audit.log: node=badcat type=AVC msg=audit(1250325927.405:47): avc: denied { setattr } for pid=6193 comm="pt_chown" name="3" dev=devpts ino=6 scontext=system_u:system_r:svirt_t:s0:c52,c941 tcontext=system_u:object_r:devpts_t:s0:c52,c941 tclass=chr_file node=badcat type=SYSCALL msg=audit(1250325927.405:47): arch=c000003e syscall=92 success=no exit=-35930152 a0=7f89b806c1d0 a1=0 a2=5 a3=7fff8ffe7ec0 items=0 ppid=6188 pid=6193 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="pt_chown" exe="/usr/libexec/pt_chown" subj=system_u:system_r:svirt_t:s0:c52,c941 key=(null)