Bug 161195 - xend conflicts with selinux (targeted) when booting file-backed domains
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: xen   
Version: 4
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Assignee: Rik van Riel
Reported: 2005-06-21 09:53 UTC by Nils Toedtmann
Modified: 2007-11-30 22:11 UTC (History)
Last Closed: 2006-02-24 20:11:25 UTC

Attachments
dmesg full of selinux denies after "xm create" (22.69 KB, text/plain)
2005-06-21 09:53 UTC, Nils Toedtmann

Description Nils Toedtmann 2005-06-21 09:53:59 UTC
Description of problem: 
  Since I upgraded FC3-->FC4, I cannot boot file-backed xen domUs when selinux
  (targeted policy) is active. 


Version-Release number of selected component (if applicable):
  xen-2-20050522
  selinux-policy-targeted-1.23.18-12
  util-linux-2.12p-9.5


How reproducible:
  always


Steps to Reproduce:
  [setenforce 1]
  xm create $domain-config

  
Actual results:
  [root@crusher ~]# xm create -c bering
  Using config file "/etc/xen/bering".
  Error: Error creating domain: vbd: Segment not found:
    uname=file:/var/bering.ext2

  [root@crusher ~]# dmesg
  # see attachment.


Expected results:
  The domain "bering" boots


Additional info:
  If I want to boot a file-backed domain ("disk: ['file:...' ]"), I have two
  workarounds: disabling selinux ("setenforce 0") or changing the domain's config
  file from

    disk = [ 'file:/var/bering.ext2,hda1,w' ]
    
  to

    disk = [ 'phy:/dev/loop0,hda1,w' ]

  and doing the "losetup /dev/loop0 /var/bering.ext2" myself before the 
  "xm create". I still get lots of selinux denies, but it nevertheless works,
  including networking.

  As the manual "losetup" failed too, due to selinux denies, before I upgraded 
  today to selinux-policy-targeted-1.23.18-12, I thought this was bug #160755,
  but now the manual losetup works while the xend-automated losetup fails. So 
  I set up this bug report.

Comment 1 Nils Toedtmann 2005-06-21 09:54:00 UTC
Created attachment 115741
dmesg full of selinux denies after "xm create"

Comment 2 Stephen Tweedie 2006-01-24 23:32:18 UTC
On current rawhide, this should work OK --- can you please test if the problem
persists?  Thanks.


Comment 3 Brian Stein 2006-02-24 20:11:25 UTC
Should currently work upstream; please re-open if the issue persists.

