Bug 988996

Summary: SELinux is preventing /usr/bin/qemu-system-x86_64 from 'read' accesses on the file /home/ramtech/vms/win7.img.
Product: [Fedora] Fedora
Reporter: nospam
Component: libvirt
Assignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED INSUFFICIENT_DATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 19
CC: berrange, clalancette, crobinso, dominick.grift, dwalsh, itamar, jforbes, jyang, laine, libvirt-maint, mgrepl, nospam, veillard
Hardware: x86_64
OS: Unspecified
Whiteboard: abrt_hash:73b8315a59abeee67870efe96ffca781a2edec02e8de3ff442bf12eef6729e7e
Doc Type: Bug Fix
Last Closed: 2013-08-30 22:15:42 UTC

Description nospam 2013-07-26 21:01:20 UTC
Description of problem:
Happened during Windows 7 VM 
SELinux is preventing /usr/bin/qemu-system-x86_64 from 'read' accesses on the file /home/ramtech/vms/win7.img.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that qemu-system-x86_64 should be allowed read access on the win7.img file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-system-x86 /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c653,c780
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                /home/ramtech/vms/win7.img [ file ]
Source                        qemu-system-x86
Source Path                   /usr/bin/qemu-system-x86_64
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           qemu-system-x86-1.4.2-4.fc19.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-65.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 3.9.9-302.fc19.x86_64 #1 SMP Sat
                              Jul 6 13:41:07 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2013-07-26 22:58:58 CEST
Last Seen                     2013-07-26 22:58:58 CEST
Local ID                      6181b3cb-3132-4dc1-903b-bde65433837d

Raw Audit Messages
type=AVC msg=audit(1374872338.920:491): avc:  denied  { read } for  pid=2588 comm="qemu-system-x86" path="/home/ramtech/vms/win7.img" dev="sda5" ino=21102824 scontext=system_u:system_r:svirt_t:s0:c653,c780 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file


type=SYSCALL msg=audit(1374872338.920:491): arch=x86_64 syscall=preadv success=yes exit=131072 a0=d a1=7fc7d1bc2370 a2=2 a3=1ca9ed000 items=0 ppid=1 pid=2588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=qemu-system-x86 exe=/usr/bin/qemu-system-x86_64 subj=system_u:system_r:svirt_t:s0:c653,c780 key=(null)

Hash: qemu-system-x86,svirt_t,user_home_t,file,read

Additional info:
reporter:       libreport-2.1.5
hashmarkername: setroubleshoot
kernel:         3.9.9-302.fc19.x86_64
type:           libreport

Comment 1 Daniel Walsh 2013-07-28 00:04:22 UTC
Seems to be a libvirt bug since the img file is not labeled correctly.

Comment 2 Cole Robinson 2013-08-30 22:15:42 UTC
Thanks for the report, however we need more info.

How did you create the VM (what tool)?
How did you start the VM?
Is this reproducible every time?

Please reopen and provide that information.

Comment 3 Red Hat Bugzilla 2023-09-14 01:48:26 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days
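
Added example (not part of the original bug report or of libvirt/setroubleshoot): a small parser for the AVC record quoted in the description that separates the two checks an sVirt guest's file access has to pass, the target's type and its MCS categories, to show which one the labeling problem from Comment 1 trips. The `SVIRT_READABLE` set is an assumption that simplifies the real policy to two image types; the function names are hypothetical.

```python
import re

# The AVC record from the report above, copied verbatim.
AVC = ('type=AVC msg=audit(1374872338.920:491): avc:  denied  { read } for  pid=2588 '
       'comm="qemu-system-x86" path="/home/ramtech/vms/win7.img" dev="sda5" ino=21102824 '
       'scontext=system_u:system_r:svirt_t:s0:c653,c780 '
       'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file')

# Assumption: simplified stand-in for the policy's list of types svirt_t may read.
SVIRT_READABLE = {"svirt_image_t", "virt_content_t"}

def expand_cats(spec):
    """Expand an MCS category spec such as 'c1,c5.c7' into {1, 5, 6, 7}."""
    out = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition(".")
        first = int(lo[1:])
        last = int(hi[1:]) if hi else first
        out.update(range(first, last + 1))
    return out

def parse_context(ctx):
    """Split user:role:type:level[:categories] into its fields."""
    user, role, typ, rest = ctx.split(":", 3)
    level, _, cats = rest.partition(":")
    return {"user": user, "role": role, "type": typ,
            "level": level, "cats": expand_cats(cats)}

def parse_avc(line):
    """Extract permissions, path, class and both contexts from one AVC line."""
    perms = re.search(r"\{ ([^}]*) \}", line).group(1).split()
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    fields = {k: v.strip('"') for k, v in fields.items()}
    return {"perms": perms, "path": fields.get("path"), "tclass": fields["tclass"],
            "source": parse_context(fields["scontext"]),
            "target": parse_context(fields["tcontext"])}

def diagnose(avc):
    """Report which check (type enforcement or MCS) the target label fails."""
    src, tgt = avc["source"], avc["target"]
    findings = []
    if src["type"] == "svirt_t" and tgt["type"] not in SVIRT_READABLE:
        findings.append("type: %s is not an sVirt image type" % tgt["type"])
    if not tgt["cats"] <= src["cats"]:
        findings.append("mcs: target categories not covered by source")
    return findings
```

For the record in this report only the type check fails: the image carries `user_home_t` with no categories, so the guest's `c653,c780` pair is not what blocks the read.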