Bug 221283 - selinux prevents xm dump-core from working
selinux prevents xm dump-core from working
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: xen (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Rik van Riel
Ben Levenson
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-03 10:44 EST by Jeff Layton
Modified: 2014-06-18 03:35 EDT (History)
2 users (show)

See Also:
Fixed In Version: xen-3.0.3-3.fc6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-02-15 14:14:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jeff Layton 2007-01-03 10:44:35 EST
While troubleshooting a problem with the rhel4 xenU kernel, I found that I
couldn't get a coredump from the xenU domain on my fc6 dom0. When I did a
"setenforce 0" I was able to get it to work.

The following avc messages were logged:

Jan  3 10:19:41 dantu kernel: audit(1167837581.876:58): avc:  denied  { write }
for  pid=28891 comm="python" name="dump" dev=dm-2 ino=983042
scontext=user_u:system_r:xend_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
Jan  3 10:19:41 dantu kernel: audit(1167837581.876:59): avc:  denied  { add_name
} for  pid=28891 comm="python" name="2007-0103-1019.41-rhel4.17.core"
scontext=user_u:system_r:xend_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
Jan  3 10:19:41 dantu kernel: audit(1167837581.876:60): avc:  denied  { create }
for  pid=28891 comm="python" name="2007-0103-1019.41-rhel4.17.core"
scontext=user_u:system_r:xend_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file
Jan  3 10:19:41 dantu kernel: audit(1167837581.888:61): avc:  denied  { write }
for  pid=28891 comm="python" name="2007-0103-1019.41-rhel4.17.core" dev=dm-2
ino=983043 scontext=user_u:system_r:xend_t:s0 tcontext=user_u:object_r:var_t:s0
tclass=file
Comment 1 Jeff Layton 2007-01-03 10:47:11 EST
I have:

kernel-xen-2.6.18-1.2869.fc6
selinux-policy-targeted-2.4.6-13.fc6
xen-3.0.3-1.fc6

Let me know if you need other info.
Comment 2 Daniel Walsh 2007-01-03 16:41:52 EST
You should be dumping under /var/lib/xen

You are not allowed to dump elsewhere unless you label it xen_lib_t
Comment 3 Jeff Layton 2007-01-03 16:44:32 EST
Then xm dump-core is borked and this should be reassigned to that since it's
hardcoded to dump to the wrong location.

Comment 4 Daniel Berrange 2007-01-11 15:49:44 EST
The updated RPM  xen-3.0.3-3.fc6  just pushed to updates-testing has moved the
core dump directory to /var/lib/xen/dumps. This should resolve the AVC denial issue.

Note You need to log in before you can comment on or make changes to this bug.