Bug 1292304 - SELinux preventing virtlogd.socket from starting
Summary: SELinux preventing virtlogd.socket from starting
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-12-16 23:54 UTC by York Possemiers
Modified: 2016-01-21 11:53 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-01-21 11:53:30 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
ausearch recent after starting virtlogd.socket in permissive mode (13.34 KB, text/plain)
2016-01-08 02:19 UTC, York Possemiers 		no flags Details
View All

Description York Possemiers 2015-12-16 23:54:14 UTC 
Description of problem:
Virtual machines in libvirt cannot start while virtlogd.socket is inaccessible. Starting the socket with 'systemctl start virtlogd.socket' yields "virtlogd.socket: Failed to listen on sockets: Permission denied"
setenforce 0 allows it to start

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-163.fc24.noarch
libvirt-daemon-1.3.0-1.fc24.x86_64


How reproducible:
100%


Steps to Reproduce:
1. systemctl start virtlogd.socket

Actual results:
Unable to open socket

Expected results:
Unit starts successfully

Additional info:
Comment 1 Lukas Vrabec 2016-01-07 09:42:57 UTC 
Hi, 

Could reproduce this issue when you switch SELinux mode to permissive? 

If yes, could you attach reproducer and AVC msgs? 
1. Reproduce the issue
2. # ausearch -m AVC -ts recent 

Thank you.
Comment 2 York Possemiers 2016-01-08 02:19:49 UTC 
Created attachment 1112697 [details]
ausearch recent after starting virtlogd.socket in permissive mode
Note You need to log in before you can comment on or make changes to this bug.