Description of problem: If creation of /var/run/tap/tapctrlread1 fails, then the blktapctrl process itself dies. The consequence of this is that any further attempts to create domains cause the domains to not be able to see any of their tap disks. I discovered this as a side-effect of bug 239449. Version-Release number of selected component (if applicable): xen-3.1.0-0.rc7.1.fc7 How reproducible: Always on my test machine. Steps to Reproduce: 1. Boot machine either with setenforce Enforcing (or change SELinux to Enforcing after boot). Notice that blktapctrl process is running as you would expect. 2. Use virt-manager to create a new domain. Use a disk image for storage. This will fail (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239449#c2) - and you should see that blktapctrl process has now disappeared. 3. Change SELinux to Permissive and use virt-manager to create another domain. Again, use a disk image for storage. Actual results: The second install in step 3 will fail because the domain will be unable to see its disk. Expected results: Domain should be able to see its disk, or virt-manager should produce an error because blktapctrl is unavailable. Additional info: Rebooting or running service xend restart fixes the problem by restarting blktapctrl. AVC failure (NB: only the first one because Enforcing): audit(1178723555.374:16): avc: denied { create } for pid=2981 comm="blktapctrl" name="tapctrlread1" scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=fifo_file audit2allow on the above: #============= xend_t ============== allow xend_t var_run_t:fifo_file create;
Change status to NEEDINFO of me - I need to check if this still happens with current SELinux policy.
Based on the date this bug was created, it appears to have been reported against rawhide during the development of a Fedora release that is no longer maintained. In order to refocus our efforts as a project we are flagging all of the open bugs for releases which are no longer maintained. If this bug remains in NEEDINFO thirty (30) days from now, we will automatically close it. If you can reproduce this bug in a maintained Fedora version (7, 8, or rawhide), please change this bug to the respective version and change the status to ASSIGNED. (If you're unable to change the bug's version or status, add a comment to the bug and someone will change it for you.) Thanks for your help, and we apologize again that we haven't handled these issues to this point. The process we're following is outlined here: http://fedoraproject.org/wiki/BugZappers/F9CleanUp We will be following the process here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this doesn't happen again.
I checked the SELinux policy but it doesn't look like it contains the correct rule to fix this. However need to retest when I get my machine back to Xen. Assigning this back to me.
Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Very old bug with very little interest, so closing WONTFIX.