Bug 867395
Summary: | [selinux-policy] AVC when trying to start qemu-kvm domain (guest) on posix compliant file-system | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | RHEL Program Management <pm-rhel> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.4 | CC: | abaron, ashetty, dwalsh, hateya, iheim, jpallich, mburns, mgrepl, mmalik, pm-eus, shaines, veillard, yeylon, ykaul |
Target Milestone: | rc | Keywords: | ZStream |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.7.19-155.el6_3.6 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-11-08 19:05:15 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 835936 | ||
Bug Blocks: |
Description
RHEL Program Management
2012-10-17 12:40:43 UTC
Fixed in selinux-policy-3.7.19-155.el6_3.6 On RHEL 6.3 hypervisor, we updated the selinux-policy and selinux-policy-targeted rpm and the enabled the sanlock_use_fusefs and virt_use_fusefs booleans. With selinux in enforcing mode, we were able to create VMs and migrate VMs. So moving this bug to verified. [root@rhs-gp-srv2 ~]# getsebool -a | grep fusefs samba_share_fusefs --> off sanlock_use_fusefs --> on use_fusefs_home_dirs --> off virt_use_fusefs --> on [root@rhs-gp-srv2 ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted [root@rhs-gp-srv2 ~]# rpm -qa | grep -i selinux libselinux-python-2.0.94-5.3.el6.x86_64 selinux-policy-3.7.19-155.el6_3.6.noarch libselinux-2.0.94-5.3.el6.x86_64 selinux-policy-targeted-3.7.19-155.el6_3.6.noarch libselinux-utils-2.0.94-5.3.el6.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-1441.html |