Bug 602463
Summary: | Your system may be seriously compromised! /sbin/modprobe tried to load a kernel module. | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Matěj Cepl <mcepl> | |
Component: | libvirt | Assignee: | Chris Lalancette <clalance> | |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Virtualization Bugs <virt-bugs> | |
Severity: | medium | Docs Contact: | ||
Priority: | medium | |||
Version: | 6.0 | CC: | berrange, carlg, dallan, ddumas, hbrock, jcm, mjenner, notting, xen-maint | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | setroubleshoot_trace_hash:5a5ffb19fb18cee7bb81d2460915ebc3fb03ac946685188f67a18a58d3fb7663 | |||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 654579 (view as bug list) | Environment: | ||
Last Closed: | 2011-02-18 14:56:08 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 628871, 654579 |
Description
Matěj Cepl
2010-06-09 21:44:46 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion. Daniel, Is libvirt supposed to be able to execute modprobe? Yes & no. In theory we need it for PCI hotplug to load 'pci-stub' or 'pciback', but those are both compiled into the kernel these days, so it shouldn't be that which triggered this AVC. I'm wondering if perhaps some other library libvirt calls is running modprobe. I'd really need to see what the argument to modprobe were to identify what's running it. IMHO we should avoid giving libvirt modprobe privileges. Is there a way to fix the error message? "/sbin/modprobe tried to load a kernel module" is not particularly informative as to the actual problem. As Dan mentioned in comment #4, the only modprobe that libvirt itself ever does is for pci-stub or pci-back. And running a RHEL-6 kernel, the former is built-in (while the latter doesn't exist), so we should never run this particular modprobe. That being said, if you were running a custom kernel of some manner, this could trigger. Were you running a custom kernel? What kernel were you running exactly? If this is not a custom kernel, then the only other explanation is that one of the libraries libvirt requires tried to do this modprobe. What were you doing at the time you got this AVC? Can you reliably reproduce this? If so, what are the steps to reproduce? Thanks, Chris Lalancette (In reply to comment #7) > As Dan mentioned in comment #4, the only modprobe that libvirt itself ever does > is for pci-stub or pci-back. And running a RHEL-6 kernel, the former is > built-in (while the latter doesn't exist), so we should never run this > particular modprobe. That being said, if you were running a custom kernel of > some manner, this could trigger. Were you running a custom kernel? What > kernel were you running exactly? I haven't build a kernel since 2006, when I switched to Fedora ;) (and once for some testing purposes half a year ago). No, this was just the latest RHEL-6 kernel from repos. > If this is not a custom kernel, then the only other explanation is that one of > the libraries libvirt requires tried to do this modprobe. What were you doing > at the time you got this AVC? Can you reliably reproduce this? If so, what > are the steps to reproduce? Not sure what I did, probably just starting a virtual machine. And no I cannot reproduce it. > Not sure what I did, probably just starting a virtual machine. And no I cannot
> reproduce it.
Same here, i do not run a custom kernel. I remember starting libvirtd and libvirt-guests and running a VM around the time i saw this AVC.
kernel-2.6.35-0.27.rc4.git0.fc14.x86_64
selinux-policy-3.8.6-1.fc14.noarch
Since we do not have enough information to understand what's happening here, and the behavior no longer seems to be present, I'm closing as insufficient data. As always, please reopen if it reappears. |