| Summary: | SELinux is preventing /usr/bin/python from 'write' accesses on the diretório xen. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | rodrigoatique |
| Component: | libvirt | Assignee: | Libvirt Maintainers <libvirt-maint> |
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 15 | CC: | aquini, berrange, clalance, crobinso, dominick.grift, dwalsh, eric_laura_d, fry.futurateam, howard.pendlebury, itamar, jforbes, laine, mgrepl, veillard, virt-maint |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:e2db3e2b354a5429e6c27e724e5036fc510f022337d72bff134248a804c8d185 | ||
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-06-07 00:30:32 UTC | Type: | --- |

Do you know what you were doing? Does it happen by default? We allow virsh_t to append xen logs.

This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.

F15 is end of life real soon, so closing as WONTFIX. If anyone can still reproduce with a Fedora 16 or Fedora 17, please reopen.

SELinux is preventing /usr/bin/python from 'write' accesses on the diretório xen.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that python should be allowed write access on the xen directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep xm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:virsh_t:s0
Target Context                system_u:object_r:xend_var_log_t:s0
Target Objects                xen [ dir ]
Source                        xm
Source Path                   /usr/bin/python
Port                          <Desconhecido>
Host                          (removed)
Source RPM Packages           python-2.7.1-7.fc15
Target RPM Packages
Policy RPM                    selinux-policy-3.9.16-30.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 2.6.38.6-26.rc1.fc15.i686.PAE #1 SMP Mon May 9 20:36:50 UTC 2011 i686 i686
Alert Count                   5
First Seen                    Ter 05 Jul 2011 15:31:10 BRT
Last Seen                     Qua 06 Jul 2011 17:32:59 BRT
Local ID                      af208ec9-38f3-42f3-af51-96fbdf44af47

Raw Audit Messages
type=AVC msg=audit(1309984379.638:30): avc: denied { write } for pid=995 comm="xm" name="xen" dev=sda3 ino=131768 scontext=system_u:system_r:virsh_t:s0 tcontext=system_u:object_r:xend_var_log_t:s0 tclass=dir

type=SYSCALL msg=audit(1309984379.638:30): arch=i386 syscall=open success=no exit=EACCES a0=946e380 a1=8441 a2=1b6 a3=0 items=0 ppid=994 pid=995 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=xm exe=/usr/bin/python subj=system_u:system_r:virsh_t:s0 key=(null)

Hash: xm,virsh_t,xend_var_log_t,dir,write

audit2allow

#============= virsh_t ==============
#!!!! The source type 'virsh_t' can write to a 'dir' of the following types:
# xend_var_lib_t, virt_etc_t, virt_etc_rw_t, virt_image_type, xenfs_t, ssh_home_t

allow virsh_t xend_var_log_t:dir write;

audit2allow -R

#============= virsh_t ==============
#!!!! The source type 'virsh_t' can write to a 'dir' of the following types:
# xend_var_lib_t, virt_etc_t, virt_etc_rw_t, virt_image_type, xenfs_t, ssh_home_t

allow virsh_t xend_var_log_t:dir write;