Bug 846340
| Summary: | VMware virtual ethernet service fails to start on RHEL 6.3 | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Marko Myllynen <myllynen> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Michal Trunecka <mtruneck> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 6.3 | CC: | dwalsh, ebenes, mmalik, mtruneck |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | selinux-policy-3.7.19-168.el6 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-02-21 08:27:40 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Description
Marko Myllynen
2012-08-07 13:45:41 UTC
Created attachment 602758 [details]
selinux-vmware-audit.txt
So it works in permissive mode? Did you try to create a local policy module?

(In reply to comment #3)
> So it works in permissive mode?

Yes.

> Did you try to create a local policy module?

No. I'd be happy to test any modules you might suggest.

Thanks.

Ok, just execute

    # cat selinux-vmware-audit.txt |audit2allow -M mypol
    # semodule -i mypol.pp

Ok, I will attach parts of audit.log showing the AVCs generated during starting/stopping VMware services and the audit2allow generated .te file. However, even with the policy loaded, restorecon changes contexts for several VMware related files on consecutive runs without touching the services, so those should be investigated as well; I'll also attach the restorecon output.

Thanks.

Created attachment 609992 [details]
selinux-vmware-audit.txt
Created attachment 609993 [details]
Generated policy file
Created attachment 609994 [details]
restorecon output
Added.

When trying to update from -155 to -168:

    localhost:/tmp/selinux# rpm -Fvh selinux-policy-3.7.19-168.el6.noarch.rpm selinux-policy-targeted-3.7.19-168.el6.noarch.rpm
    Preparing... ########################################### [100%]
    1:selinux-policy ########################################### [ 50%]
    2:selinux-policy-targeted########################################### [100%]
    libsepol.scope_copy_callback: passenger: Duplicate declaration in module: type/attribute passenger_tmp_t (No such file or directory).
    libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
    semodule: Failed!
    localhost:/tmp/selinux# semodule -r vmware
    localhost:/tmp/selinux# semodule -i /usr/share/selinux/targeted/vmware.pp.bz2
    libsepol.print_missing_requirements: vmware's global requirements were not met: type/attribute initrc_domain (No such file or directory).
    libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
    semodule: Failed!
    localhost:/tmp/selinux# semodule -l | grep vmware
    localhost:/tmp/selinux#

And after rebooting "semodule -l | grep vmware" returns nothing.

Thanks.

Yes, it has been fixed in the -169.el6 build.

(In reply to comment #13)
> Yes, it has been fixed in the -169.el6 build.

Now it works ok without AVCs when starting the services and installing/running guests, only one AVC when shutting down the services, I'll attach the audit2allow generated .te file - with that loaded zero AVCs with VMware Workstation 8.0.4.

Thanks.

Created attachment 625857 [details]
vmware-avc.txt
Created attachment 625858 [details]
vmware-fix.te
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0314.html
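
What the `audit2allow -M mypol` step suggested in the thread does with AVC records, as an added Python sketch (not code from this bug or from audit2allow itself): it groups denials into the allow rules a local module would contain and lists permissions worth a second look before `semodule -i`. The log lines, the type names and the `SENSITIVE` list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from the bug's attachments); type names are hypothetical.
SAMPLE = """\
type=AVC msg=audit(1344347141.101:51): avc:  denied  { read } for  pid=2101 comm="example-svc" name="exdev0" dev=devtmpfs ino=9001 scontext=system_u:system_r:example_svc_t:s0 tcontext=system_u:object_r:example_dev_t:s0 tclass=chr_file
type=AVC msg=audit(1344347141.102:52): avc:  denied  { write } for  pid=2101 comm="example-svc" name="exdev0" dev=devtmpfs ino=9001 scontext=system_u:system_r:example_svc_t:s0 tcontext=system_u:object_r:example_dev_t:s0 tclass=chr_file
type=AVC msg=audit(1344347141.103:53): avc:  denied  { sys_module } for  pid=2101 comm="example-svc" capability=16 scontext=system_u:system_r:example_svc_t:s0-s0:c0.c1023 tcontext=system_u:system_r:example_svc_t:s0-s0:c0.c1023 tclass=capability
type=SYSCALL msg=audit(1344347141.103:53): arch=c000003e syscall=175 success=no exit=-1 comm="example-svc"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}.*?"
    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)"
)

# Assumed review list: permissions that deserve scrutiny before being granted locally.
SENSITIVE = {"execmem", "execmod", "execstack", "sys_admin", "sys_module", "sys_ptrace", "relabelto"}

def se_type(context):
    # Context is user:role:type[:level]; the MLS level may itself contain colons.
    return context.split(":")[2]

def collect(audit_text):
    """Group denied permissions by (source type, target type, object class)."""
    grants = defaultdict(set)
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # non-AVC records and "granted" messages are skipped
        perms, scon, tcon, tclass = m.groups()
        src, tgt = se_type(scon), se_type(tcon)
        grants[(src, "self" if tgt == src else tgt, tclass)].update(perms.split())
    return grants

def allow_rules(grants):
    """Render the grouped denials as .te allow rules, one per (src, tgt, class)."""
    rules = []
    for (src, tgt, tclass), perms in sorted(grants.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {body};")
    return rules

def review(grants):
    """List the SENSITIVE permissions the generated module would grant."""
    return sorted(f"{s} {t}:{c} {p}" for (s, t, c), ps in grants.items() for p in ps & SENSITIVE)

if __name__ == "__main__":
    g = collect(SAMPLE)
    print("\n".join(allow_rules(g)))
    print("review before loading:", review(g))
```
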