Bug 161195 - xend conflicts with selinux (targeted) when booting file-backed domains
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: xen
Version: 4
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Rik van Riel
Reported: 2005-06-21 05:53 EDT by Nils Toedtmann
Modified: 2007-11-30 17:11 EST (History)
Doc Type: Bug Fix
Last Closed: 2006-02-24 15:11:25 EST


Attachments
dmesg full of selinux denies after "xm create" (22.69 KB, text/plain)
2005-06-21 05:53 EDT, Nils Toedtmann
Description Nils Toedtmann 2005-06-21 05:53:59 EDT
Description of problem: 
  Since I upgraded FC3-->FC4, I cannot boot file-backed xen domUs when selinux
  (targeted policy) is active.


Version-Release number of selected component (if applicable):
  xen-2-20050522
  selinux-policy-targeted-1.23.18-12
  util-linux-2.12p-9.5


How reproducible:
  always


Steps to Reproduce:
  [setenforce 1]
  xm create $domain-config

  
Actual results:
  [root@crusher ~]# xm create -c bering
  Using config file "/etc/xen/bering".
  Error: Error creating domain: vbd: Segment not found:
    uname=file:/var/bering.ext2

  [root@crusher ~]# dmesg
  # see attachment.


Expected results:
  The domain "bering" boots


Additional info:
  If I want to boot a file-backed domain ("disk: ['file:...' ]"), I have two
  workarounds: disabling selinux ("setenforce 0") or changing the domain's config
  file from

    disk = [ 'file:/var/bering.ext2,hda1,w' ]
    
  to

    disk = [ 'phy:/dev/loop0,hda1,w' ]

  and doing the "losetup /dev/loop0 /var/bering.ext2" myself before the
  "xm create". I still get lots of selinux denies, but it nevertheless works,
  including networking.

  As the manual "losetup" failed too, due to selinux denies, before I upgraded
  today to selinux-policy-targeted-1.23.18-12, I thought this was bug #160755,
  but now the manual losetup works while the xend-automated losetup fails. So
  I set up this bug report.
Comment 1 Nils Toedtmann 2005-06-21 05:54:00 EDT
Created attachment 115741 [details]
dmesg full of selinux denies after "xm create"
Comment 2 Stephen Tweedie 2006-01-24 18:32:18 EST
On current rawhide, this should work OK --- can you please test if the problem
persists?  Thanks.
Comment 3 Brian Stein 2006-02-24 15:11:25 EST
Should currently work upstream; please re-open if the issue persists.
