Bug 785411
| Field | Value |
|---|---|
| Summary | SELinux is preventing /usr/libexec/libvirt_lxc from 'execute' accesses on the None /usr/libexec/pt_chown. |
| Product | [Fedora] Fedora |
| Component | libvirt |
| Version | 16 |
| Hardware | x86_64 |
| OS | Unspecified |
| Status | CLOSED ERRATA |
| Severity | unspecified |
| Priority | unspecified |
| Reporter | Robin Green <greenrd> |
| Assignee | Libvirt Maintainers <libvirt-maint> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | berrange, clalancette, crobinso, dominick.grift, dougsland, dwalsh, eblake, itamar, jforbes, laine, libvirt-maint, mgrepl, veillard, virt-maint |
| Whiteboard | abrt_hash:89925e5f6c0f711f71c9fbc1e11cc62ece75311612128c088471937225b2fa03 |
| Doc Type | Bug Fix |
| Last Closed | 2012-07-05 23:44:51 UTC |
Description
Robin Green
2012-01-28 19:24:47 UTC
Does not seem like something libvirt_lxc should be doing. Robin, can you provide more info about what you were doing when this issue popped up?

/usr/libexec/pt_chown comes from glibc-common FYI, so probably a side effect of some stdlib call?

libvirt_lxc MUST create ptys in the LXC that are owned by the new namespace. However, we recently modified the container pty creation to bypass glibc (glibc's pt implementation is not namespace aware):

    commit 80710c69fee323870b2a8239d93c5e5dddf28366
    Author: Serge E. Hallyn <serge.hallyn>
    Date: Tue Oct 18 20:39:57 2011 -0500

        lxc: use hand-rolled code in place of unlockpt and grantpt

        The glibc ones (intentionally) cannot handle ptys opened in a
        devpts not mounted at /dev/pts.

        Drop the (un-exported, unused) virFileOpenTtyAt.

        Signed-off-by: Serge Hallyn <serge.hallyn>
        Signed-off-by: Eric Blake <eblake>

I think F17 is immune as a result. For now, I'm marking this POST, in case backporting just this one patch is easy for F16, but if it turns out to be difficult, we may just mark it as WONTFIX for F16 (after all, we have a number of other LXC usability issues in F16 that we won't be fixing, but recommend F17 instead).

libvirt-0.9.6.1-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/libvirt-0.9.6.1-1.fc16

Package libvirt-0.9.6.1-1.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.

Update it with:

    # su -c 'yum update --enablerepo=updates-testing libvirt-0.9.6.1-1.fc16'

as soon as you are able to. Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-9913/libvirt-0.9.6.1-1.fc16
then log in and leave karma (feedback).

libvirt-0.9.6.1-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
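The commit message quoted in this report describes replacing unlockpt and grantpt with hand-rolled code. The sketch below is an added example, not libvirt's code and not part of the original report: it opens a pty master in a devpts instance at an arbitrary mount point using ioctls only, so no glibc pty helper is involved. The function names `devpts_path` and `open_pty_at` are hypothetical, and it assumes a Linux devpts mount that assigns slave ownership itself.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Format "<devpts_dir>/<name>"; 0 on success, -1 if it does not fit. */
int devpts_path(const char *devpts_dir, const char *name, char *out, size_t len)
{
    int w = snprintf(out, len, "%s/%s", devpts_dir, name);
    return (w < 0 || (size_t)w >= len) ? -1 : 0;
}

/* Open <devpts_dir>/ptmx, unlock the slave and write its path to `slave`.
 * Returns the master fd, or -1 on error. Nothing is exec'd on the way. */
int open_pty_at(const char *devpts_dir, char *slave, size_t slave_len)
{
    char ptmx[4096], num[16];
    int unlock = 0;          /* 0 clears the lock, which is unlockpt()'s job */
    unsigned int ptyno = 0;
    int fd;

    if (devpts_path(devpts_dir, "ptmx", ptmx, sizeof(ptmx)) < 0)
        return -1;
    fd = open(ptmx, O_RDWR | O_NOCTTY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* TIOCSPTLCK stands in for unlockpt(); TIOCGPTN stands in for ptsname(),
     * which would always answer with a path under /dev/pts. */
    if (ioctl(fd, TIOCSPTLCK, &unlock) < 0 || ioctl(fd, TIOCGPTN, &ptyno) < 0) {
        close(fd);
        return -1;
    }
    snprintf(num, sizeof(num), "%u", ptyno);
    if (devpts_path(devpts_dir, num, slave, slave_len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char slave[4096];
    int fd = open_pty_at("/dev/pts", slave, sizeof(slave)); /* host instance */
    if (fd < 0) { perror("open_pty_at"); return 1; }
    printf("master fd %d, slave %s\n", fd, slave);
    return close(fd);
}
```

On a confined process, an AVC denial naming pt_chown after a change like this would indicate that some other code path still calls glibc's grantpt.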