+++ This bug was initially created as a clone of Bug #222687 +++

Description of problem:
Whenever I start a Xen domain created using virt-install, there are SELinux denials.

Version-Release number of selected component (if applicable):
net-tools-1.60-73

How reproducible:
Every time

Steps to Reproduce:
1. Start a Xen domain
2.
3.

Actual results:
SELinux denials reported (I'm in permissive mode at the moment, until these problems are resolved)

Expected results:
Domain starts normally

Additional info:

-- Additional comment from bloch on 2007-01-15 13:45 EST --
Created an attachment (id=145604)
Error report via setroubleshoot

-- Additional comment from dwalsh on 2007-01-15 15:14 EST --
Did this actually block something from working? If you try this in enforcing mode do you see errors? This looks like xen is leaking an open descriptor to the xen_image_t file. There is no reason ifconfig should ever need to read/write this disk image. I believe this should work in enforcing mode.

-- Additional comment from bloch on 2007-01-16 14:04 EST --
Yes, there are errors when running in enforcing mode, though things do appear to be working.

-- Additional comment from berrange on 2007-03-27 11:25 EST --
QEMU was leaking file handles to the networking scripts which caused SELinux errors. This was fixed in Xen 3.0.3-7.fc6

* Tue Mar 6 2007 Daniel P. Berrange <berrange> - 3.0.3-7.fc6
- Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)
- Fix ia64 shadow page table mode
- Close QEMU file handles when running network script

Please upgrade & confirm that the errors went away.

Created attachment 151040
Close file handles before running network scripts

This is the patch applied upstream & to Fedora to fix QEMU filehandle leak
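
The descriptor leak discussed in the comments above, as an added example that is not part of the bug report or of the Xen patch: a parent holds an open descriptor, forks and execs a script, and the script inherits that descriptor unless it is marked close-on-exec or closed in the child first. The function and enum names, the fixed descriptor number 9, the pipe standing in for the disk image handle and the one-line shell command standing in for the network script are all assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define LEAK_FD 9 /* fixed number so the stand-in script can name it */
enum mode { INHERIT, CLOEXEC, CLOSE_ALL };

/* Returns 1 if the exec'd script can still use the parent's descriptor,
 * 0 if it cannot, -1 on error. */
int script_sees_fd(enum mode m)
{
    int p[2], status;
    if (pipe(p) < 0) return -1;   /* constructed stand-in for the image handle */
    close(p[1]);
    if (p[0] != LEAK_FD) {
        if (dup2(p[0], LEAK_FD) < 0) { close(p[0]); return -1; }
        close(p[0]);
    }
    if (m == CLOEXEC && fcntl(LEAK_FD, F_SETFD, FD_CLOEXEC) < 0) {
        close(LEAK_FD);
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0) { close(LEAK_FD); return -1; }
    if (pid == 0) {
        if (m == CLOSE_ALL) {     /* close everything above stderr in the child */
            long maxfd = sysconf(_SC_OPEN_MAX);
            if (maxfd < 0 || maxfd > 4096) maxfd = 4096; /* bound the loop */
            for (long i = 3; i < maxfd; i++) close((int)i);
        }
        /* Stand-in for the network script: succeeds only if fd 9 is open. */
        execl("/bin/sh", "sh", "-c", ": <&9", (char *)NULL);
        _exit(127);
    }
    close(LEAK_FD);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) == 127) return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("inherited: %d\n", script_sees_fd(INHERIT));
    printf("FD_CLOEXEC: %d\n", script_sees_fd(CLOEXEC));
    printf("closed in child: %d\n", script_sees_fd(CLOSE_ALL));
    return 0;
}
```

In the inherited case the script ends up holding a descriptor it never asked for, which is the situation SELinux flags when the script's domain has no reason to read or write that file type.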
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.

Built into dist-5E-qu-candidate as xen-3.0.3-27.el5

* Thu Jun 14 2007 Daniel P. Berrange <berrange> - 3.0.3-27.el5
- Update low level (non-XenD) userspace to work with 3.1.0 hypervisor (rhbz#243462, rhbz#234166, rhbz#230790)
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2007-0635.html