Bug 434819 - SELinux Error with Xen
SELinux Error with Xen
Status: CLOSED DUPLICATE of bug 439987
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xen (Show other bugs)
x86_64 All
low Severity medium
: rc
: ---
Assigned To: Xen Maintainance List
Virtualization Bugs
Depends On:
  Show dependency treegraph
Reported: 2008-02-25 12:29 EST by LAD
Modified: 2009-12-14 16:25 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-01-22 05:49:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Printout From the SELinux troubleshooter Browser (115.38 KB, application/pdf)
2008-02-25 12:29 EST, LAD
no flags Details

  None (edit)
Description LAD 2008-02-25 12:29:55 EST
SummarySELinux is preventing /sbin/losetup (fsadm_t) "append" to
/var/run/xen-hotplug/block (udev_var_run_t).Detailed DescriptionSELinux denied
access requested by /sbin/losetup. It is not expected that this access is
required by /sbin/losetup and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.Allowing AccessSometimes labeling
problems can cause SELinux denials. You could try to restore the default system
file context for /var/run/xen-hotplug/block, restorecon -v
/var/run/xen-hotplug/block If this does not work, there is currently no
automatic way to allow this access. Instead, you can generate a local policy
module to allow this access - see FAQ Or you can disable SELinux protection
altogether. Disabling SELinux protection is not recommended. Please file a bug
report against this package.Additional InformationSource
Context:  system_u:system_r:fsadm_t:SystemLow-SystemHighTarget
Context:  system_u:object_r:udev_var_run_tTarget
Objects:  /var/run/xen-hotplug/block [ file ]Affected RPM
Packages:  util-linux-2.13-0.45.el5_1.1 [application]Policy
RPM:  selinux-policy-2.4.6-106.el5_1.3Selinux Enabled:  TruePolicy
Type:  targetedMLS Enabled:  TrueEnforcing Mode:  PermissivePlugin
Name:  plugins.catchall_fileHost Name:  localhost.localdomainPlatform:  Linux
localhost.localdomain 2.6.18-53.1.13.el5xen #1 SMP Mon Feb 11 13:56:26 EST 2008
i686 i686Alert Count:  2Line Numbers:   Raw Audit Messages :avc: denied { append
} for comm="losetup" dev=dm-0 egid=0 euid=0 exe="/sbin/losetup" exit=0 fsgid=0
fsuid=0 gid=0 items=0 path="/var/run/xen-hotplug/block" pid=4990
scontext=system_u:system_r:fsadm_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:fsadm_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=system_u:object_r:udev_var_run_t:s0 tty=(none) uid=0
Comment 1 LAD 2008-02-25 12:29:55 EST
Created attachment 295818 [details]
Printout From the SELinux troubleshooter Browser
Comment 2 Chris Lalancette 2008-02-26 22:57:30 EST
We need a little more information than this.  What were you doing at the time
that this happened?  What are the versions of the various packages you are using
(kernel-xen, xen, libvirt, selinux-policy, etc.).  What was the effect of the
SELinux denial?  Finally, please attach /var/log/xen/xend.log and
/var/log/xen/xend-debug.log so we can see what is going on with xend.

Chris Lalancette
Comment 3 Chris Lalancette 2009-01-22 05:49:12 EST
This is actually a dup of another bug, 439987.  Closing it as such.

Chris Lalancette

*** This bug has been marked as a duplicate of bug 439987 ***

Note You need to log in before you can comment on or make changes to this bug.