Bug 215590 - SELinux denial when creating a fully-virt domain with virt-manager
Summary: SELinux denial when creating a fully-virt domain with virt-manager
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
(Show other bugs)
Version: 5.0
Hardware: All Linux
Target Milestone: ---
: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2006-11-14 19:25 UTC by Chris Lalancette
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-11-14 20:30:00 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Chris Lalancette 2006-11-14 19:25:48 UTC
Description of problem:
I went through the following steps to create a fully virt domain with
virt-manager (x86_64):

1.  New
2.  System name -> rhel5-fv
3.  Fully-virtualized
4.  ISO image location: /var/lib/xen/isos/boot.iso
5.  Simple file: /var/lib/xen/images/rhel5-fv.dsk
6.  Max memory = 500, startup memory = 500, vcpus = 1
7.  Finish

After clicking finish, I get "ERROR: virDomainCreateLinux() failed", and some
error messages in /var/log/audit/auditd.log:

type=AVC msg=audit(1163532317.285:199): avc:  denied  { getattr } for  pid=3070
comm="python" name="boot.iso" dev=sda3 ino=4877676
scontext=system_u:system_r:xend_t:s0 tcontext=root:object_r:user_home_t:s0
type=SYSCALL msg=audit(1163532317.285:199): arch=c000003e syscall=4 success=no
exit=-13 a0=77a470 a1=427ff9f0 a2=427ff9f0 a3=77a470 items=0 ppid=2655 pid=3070
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="python" exe="/usr/bin/python" subj=system_u:system_r:xend_t:s0
type=AVC_PATH msg=audit(1163532317.285:199):  path="/var/lib/xen/isos/boot.iso"

Version-Release number of selected component (if applicable):
virt-manager 0.2.5-1
kernel 2.6.18-1.2747.el5xen
selinux-policy-targeted 2.4.3-11

Comment 1 Daniel Walsh 2006-11-14 20:30:00 UTC
You have a badly labeled file

restorecon -R -v /var/lib/xen

Looks like you mv'd it from a homedir or /root.

Need to relabel file

Note You need to log in before you can comment on or make changes to this bug.