Bug 210533 - selinux prevents xm console for woring through ssh
selinux prevents xm console for woring through ssh
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
: SELinux
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-12 15:10 EDT by Juan Quintela
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-09 10:12:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Juan Quintela 2006-10-12 15:10:33 EDT
Description of problem:

When running xm console over ssh, sometimes


Version-Release number of selected component (if applicable):

It happens with all versions, including

selinux-policy-targeted-2.3.18-8
libselinux-1.30.29-2
libselinux-python-1.30.29-2
selinux-policy-2.3.18-8


How reproducible:

It only happens with some versions of the policy.  It can take from several
seconds to a couple of minutes, never more.  There are some policy versions
where it works.  Changing xen or kernel makes the bug appear/dissappear.


Steps to Reproduce:
1. Run kernel-xen
2. Start a guest with xm create -c <guest name>
3. Wait less than 5 minutes, and see that the console is stopped.

Actual results:

Consola gets stopped, each time that I type a key, I get a message on dmesg like:

audit(1160678614.283:210): avc:  denied  { send } for  saddr=192.168.10.210
src=22 daddr=192.168.10.200 dest=52501 netif=eth0
scontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023
tcontext=system_u:object_r:security_t:s0 tclass=packet


Expected results:

Console working without hanging over ssh.


Additional info:

Workaround: running xm console over screen or cat inside ssh sometimes works.
Comment 1 Daniel Walsh 2006-10-25 13:43:38 EDT
Please try this with the latest policy, which has fixes for this.

selinux-policy-2.4.1-4
Comment 2 Matthew Miller 2007-04-06 15:25:50 EDT
Fedora Core 5 and Fedora Core 6 are, as we're sure you've noticed, no longer
test releases. We're cleaning up the bug database and making sure important bug
reports filed against these test releases don't get lost. It would be helpful if
you could test this issue with a released version of Fedora or with the latest
development / test release. Thanks for your help and for your patience.

[This is a bulk message for all open FC5/FC6 test release bugs. I'm adding
myself to the CC list for each bug, so I'll see any comments you make after this
and do my best to make sure every issue gets proper attention.]
Comment 3 Daniel Walsh 2007-04-09 10:12:02 EDT
All fixed in the current release

Note You need to log in before you can comment on or make changes to this bug.