215590 – SELinux denial when creating a fully-virt domain with virt-manager

Bug 215590 - SELinux denial when creating a fully-virt domain with virt-manager

Summary: SELinux denial when creating a fully-virt domain with virt-manager

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	selinux-policy-targeted
Sub Component:
Version:	5.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Daniel Walsh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-11-14 19:25 UTC by Chris Lalancette
Modified:	2007-11-30 22:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-11-14 20:30:00 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Chris Lalancette 2006-11-14 19:25:48 UTC

Description of problem:
I went through the following steps to create a fully virt domain with
virt-manager (x86_64):

1.  New
2.  System name -> rhel5-fv
3.  Fully-virtualized
4.  ISO image location: /var/lib/xen/isos/boot.iso
5.  Simple file: /var/lib/xen/images/rhel5-fv.dsk
6.  Max memory = 500, startup memory = 500, vcpus = 1
7.  Finish

After clicking finish, I get "ERROR: virDomainCreateLinux() failed", and some
error messages in /var/log/audit/auditd.log:

type=AVC msg=audit(1163532317.285:199): avc:  denied  { getattr } for  pid=3070
comm="python" name="boot.iso" dev=sda3 ino=4877676
scontext=system_u:system_r:xend_t:s0 tcontext=root:object_r:user_home_t:s0
tclass=file
type=SYSCALL msg=audit(1163532317.285:199): arch=c000003e syscall=4 success=no
exit=-13 a0=77a470 a1=427ff9f0 a2=427ff9f0 a3=77a470 items=0 ppid=2655 pid=3070
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="python" exe="/usr/bin/python" subj=system_u:system_r:xend_t:s0
key=(null)
type=AVC_PATH msg=audit(1163532317.285:199):  path="/var/lib/xen/isos/boot.iso"

Version-Release number of selected component (if applicable):
virt-manager 0.2.5-1
kernel 2.6.18-1.2747.el5xen
selinux-policy-targeted 2.4.3-11

Comment 1 Daniel Walsh 2006-11-14 20:30:00 UTC

You have a badly labeled file


restorecon -R -v /var/lib/xen

Looks like you mv'd it from a homedir or /root.

Need to relabel file

Note You need to log in before you can comment on or make changes to this bug.