This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 222687 - SELinux errors when starting Xen domain
SELinux errors when starting Xen domain
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: xen (Show other bugs)
6
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Xen Maintainance List
Brian Brock
:
Depends On:
Blocks: 234166
  Show dependency treegraph
 
Reported: 2007-01-15 13:45 EST by Adam Huffman
Modified: 2007-11-30 17:11 EST (History)
3 users (show)

See Also:
Fixed In Version: xen-3.0.3-8.fc6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-02 09:03:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Error report via setroubleshoot (2.23 KB, text/plain)
2007-01-15 13:45 EST, Adam Huffman
no flags Details

  None (edit)
Description Adam Huffman 2007-01-15 13:45:15 EST
Description of problem:
Whenever I start a Xen domain created using virt-install, there are SELinux denials.

Version-Release number of selected component (if applicable):
net-tools-1.60-73

How reproducible:
Every time

Steps to Reproduce:
1. Start a Xen domain
2.
3.
  
Actual results:
SELinux denials reported (I'm in permissive mode at the moment, until these
problems are resolved)

Expected results:
Domain starts normally

Additional info:
Comment 1 Adam Huffman 2007-01-15 13:45:15 EST
Created attachment 145604 [details]
Error report via setroubleshoot
Comment 2 Daniel Walsh 2007-01-15 15:14:00 EST
Did this actually block something from working?  If you try this in enforcing
mode do you see errors?  This looks like xen is leaking an open descriptor to
the xen_image_t file.  There is no reason ifconfig should ever need to
read/write this disk image.  I believe this should work in enforcing mode.
Comment 3 Adam Huffman 2007-01-16 14:04:25 EST
Yes, there are errors when running in enforcing mode, though things do appear to
be working.
Comment 4 Daniel Berrange 2007-03-27 11:25:56 EDT
QEMU was leaking file handles to the networking scripts which caused SELinux
errors. This was fixed in Xen 3.0.3-7.fc6

* Tue Mar  6 2007 Daniel P. Berrange <berrange@redhat.com> - 3.0.3-7.fc6
- Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)
- Fix ia64 shadow page table mode
- Close QEMU file handles when running network script

Please upgrade & confirm that the errors went away.
Comment 5 David Juran 2007-04-02 04:32:00 EDT
Yes, this indeed seems to be fixed in xen-3.0.3-8.fc6 (-:

Note You need to log in before you can comment on or make changes to this bug.