Bug 177599 - selinux policy doesn't allow access to xen virtual disks
selinux policy doesn't allow access to xen virtual disks
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Russell Coker
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-01-11 21:31 EST by Jeremy Katz
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 2.1.9-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-04-11 07:00:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jeremy Katz 2006-01-11 21:31:31 EST
We lost support for labeling xen disks as fixed_device_t.  This seems like the
sane fix

--- serefpolicy-2.1.9/policy/modules/kernel/storage.fc.xen      2006-01-11
21:31:15.000000000 -0500
+++ serefpolicy-2.1.9/policy/modules/kernel/storage.fc  2006-01-11
21:31:48.000000000 -0500
@@ -12,6 +12,7 @@
 /dev/cm20.*            -b      gen_context(system_u:object_r:removable_device_t,s0)
 /dev/dasd[^/]*         -b     
gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c255)
 /dev/dm-[0-9]+         -b     
gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c255)
+/dev/xvd[^/]*          -b     
gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c255)
 /dev/fd[^/]+           -b      gen_context(system_u:object_r:removable_device_t,s0)
 /dev/flash[^/]*                -b     
gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c255)
 /dev/gscd              -b      gen_context(system_u:object_r:removable_device_t,s0)
Comment 1 Daniel Walsh 2006-01-13 10:36:00 EST
Fixed in 2.1.9-2

Note You need to log in before you can comment on or make changes to this bug.