Description of problem:
SELinux denied access requested by /usr/sbin/blktapctrl. It is not expected that this access is required by /usr/sbin/blktapctrl and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create a new Virtual machine using Virtual Machine Manager
2. System Name: CentOS5
3. Virtualized Method: Paravirtualized
4. Install Media URL: /media/SCSI0_VOL1/Linux_Distros/CentOS-5.0-x86_64-bin-DVD.iso
5. Simple File (/home/tinh/xen/CentOS5) with Allocate entire disk now check (6GB)
6. Virtual Network (default)
7. VM Max Memory: 512MB, VM Startup Memory: 512 MB, VCPUs: 2
8.

Actual results:

Expected results:

Additional info:
Source Context: system_u:system_r:xend_t
Target Context: system_u:object_r:var_run_t
Target Objects: tap [ dir ]
Affected RPM Packages: xen-3.1.0-0.rc7.1.fc7 [application]
Policy RPM: selinux-policy-2.6.4-13.fc7
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.catchall_file
Host Name: localhost.localdomain
Platform: Linux localhost.localdomain 2.6.20-2925.9.fc7xen #1 SMP Tue May 22 09:29:36 EDT 2007 x86_64 x86_64
Alert Count: 1
First Seen: Thu 07 Jun 2007 04:07:00 PM ICT
Last Seen: Thu 07 Jun 2007 04:07:00 PM ICT
Local ID: 934b71c8-b8d8-4a03-9178-034d395e54d2
Line Numbers:

Raw Audit Messages:
avc: denied { create } for comm="blktapctrl" egid=0 euid=0 exe="/usr/sbin/blktapctrl" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="tap" pid=3065 scontext=system_u:system_r:xend_t:s0 sgid=0 subj=system_u:system_r:xend_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:var_run_t:s0 tty=(none) uid=0
Fixed in selinux-policy-2.6.4-14
Closing as fixes are in the current release
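
For triaging a denial like the one in this report, the raw audit message can be split into its decision, permission set, source and target contexts and remaining fields. The following is an added example, not part of the original report or of the SELinux tooling; the function names `parse_context`, `parse_avc` and `summarize` are hypothetical, and the sample is the audit message quoted in the report.

```python
import errno
import re
import shlex

# Raw audit message copied from the report above.
SAMPLE = ('avc: denied { create } for comm="blktapctrl" egid=0 euid=0 '
          'exe="/usr/sbin/blktapctrl" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 '
          'name="tap" pid=3065 scontext=system_u:system_r:xend_t:s0 sgid=0 '
          'subj=system_u:system_r:xend_t:s0 suid=0 tclass=dir '
          'tcontext=system_u:object_r:var_run_t:s0 tty=(none) uid=0')

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')

def parse_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain colons."""
    parts = ctx.split(':', 3)
    if len(parts) < 3:
        raise ValueError(f'malformed SELinux context: {ctx!r}')
    keys = ('user', 'role', 'type', 'level')
    return dict(zip(keys, parts + [None] * (4 - len(parts))))

def parse_avc(line):
    """Parse one AVC message into decision, permissions, contexts and fields."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError('not an AVC message')
    decision, perms, rest = m.groups()
    fields = {}
    for token in shlex.split(rest):          # strips the quotes around values
        key, sep, value = token.partition('=')
        if sep:
            fields[key] = value
    missing = {'scontext', 'tcontext', 'tclass'} - fields.keys()
    if missing:
        raise ValueError(f'AVC message lacks {sorted(missing)}')
    return {
        'decision': decision,
        'perms': perms.split(),
        'source': parse_context(fields['scontext']),
        'target': parse_context(fields['tcontext']),
        'tclass': fields['tclass'],
        # exit=-13 is the negated errno returned to the process (EACCES)
        'errno': errno.errorcode.get(-int(fields.get('exit', 0))),
        'fields': fields,
    }

def summarize(avc):
    f = avc['fields']
    return (f"{f.get('exe', f.get('comm', '?'))} in domain {avc['source']['type']} "
            f"{avc['decision']} {{ {' '.join(avc['perms'])} }} on {avc['tclass']} "
            f"{f.get('name', '?')!r} labelled {avc['target']['type']}")
```

`summarize(parse_avc(SAMPLE))` condenses the record to the process, its domain, the refused permission and the label of the object it was refused on.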