Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 215590 - SELinux denial when creating a fully-virt domain with virt-manager
SELinux denial when creating a fully-virt domain with virt-manager
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2006-11-14 14:25 EST by Chris Lalancette
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-11-14 15:30:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Chris Lalancette 2006-11-14 14:25:48 EST
Description of problem:
I went through the following steps to create a fully virt domain with
virt-manager (x86_64):

1.  New
2.  System name -> rhel5-fv
3.  Fully-virtualized
4.  ISO image location: /var/lib/xen/isos/boot.iso
5.  Simple file: /var/lib/xen/images/rhel5-fv.dsk
6.  Max memory = 500, startup memory = 500, vcpus = 1
7.  Finish

After clicking finish, I get "ERROR: virDomainCreateLinux() failed", and some
error messages in /var/log/audit/auditd.log:

type=AVC msg=audit(1163532317.285:199): avc:  denied  { getattr } for  pid=3070
comm="python" name="boot.iso" dev=sda3 ino=4877676
scontext=system_u:system_r:xend_t:s0 tcontext=root:object_r:user_home_t:s0
type=SYSCALL msg=audit(1163532317.285:199): arch=c000003e syscall=4 success=no
exit=-13 a0=77a470 a1=427ff9f0 a2=427ff9f0 a3=77a470 items=0 ppid=2655 pid=3070
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="python" exe="/usr/bin/python" subj=system_u:system_r:xend_t:s0
type=AVC_PATH msg=audit(1163532317.285:199):  path="/var/lib/xen/isos/boot.iso"

Version-Release number of selected component (if applicable):
virt-manager 0.2.5-1
kernel 2.6.18-1.2747.el5xen
selinux-policy-targeted 2.4.3-11
Comment 1 Daniel Walsh 2006-11-14 15:30:00 EST
You have a badly labeled file

restorecon -R -v /var/lib/xen

Looks like you mv'd it from a homedir or /root.

Need to relabel file

Note You need to log in before you can comment on or make changes to this bug.