Bug 434819 - SELinux Error with Xen
Summary: SELinux Error with Xen
Keywords:
Status: CLOSED DUPLICATE of bug 439987
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xen
Version: 5.1
Hardware: x86_64
OS: All
low
medium
Target Milestone: rc
: ---
Assignee: Xen Maintainance List
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-02-25 17:29 UTC by LAD
Modified: 2009-12-14 21:25 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-01-22 10:49:12 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Printout From the SELinux troubleshooter Browser (115.38 KB, application/pdf)
2008-02-25 17:29 UTC, LAD 		no flags Details
View All

Description LAD 2008-02-25 17:29:55 UTC 
SummarySELinux is preventing /sbin/losetup (fsadm_t) "append" to
/var/run/xen-hotplug/block (udev_var_run_t).Detailed DescriptionSELinux denied
access requested by /sbin/losetup. It is not expected that this access is
required by /sbin/losetup and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.Allowing AccessSometimes labeling
problems can cause SELinux denials. You could try to restore the default system
file context for /var/run/xen-hotplug/block, restorecon -v
/var/run/xen-hotplug/block If this does not work, there is currently no
automatic way to allow this access. Instead, you can generate a local policy
module to allow this access - see FAQ Or you can disable SELinux protection
altogether. Disabling SELinux protection is not recommended. Please file a bug
report against this package.Additional InformationSource
Context:  system_u:system_r:fsadm_t:SystemLow-SystemHighTarget
Context:  system_u:object_r:udev_var_run_tTarget
Objects:  /var/run/xen-hotplug/block [ file ]Affected RPM
Packages:  util-linux-2.13-0.45.el5_1.1 [application]Policy
RPM:  selinux-policy-2.4.6-106.el5_1.3Selinux Enabled:  TruePolicy
Type:  targetedMLS Enabled:  TrueEnforcing Mode:  PermissivePlugin
Name:  plugins.catchall_fileHost Name:  localhost.localdomainPlatform:  Linux
localhost.localdomain 2.6.18-53.1.13.el5xen #1 SMP Mon Feb 11 13:56:26 EST 2008
i686 i686Alert Count:  2Line Numbers:   Raw Audit Messages :avc: denied { append
} for comm="losetup" dev=dm-0 egid=0 euid=0 exe="/sbin/losetup" exit=0 fsgid=0
fsuid=0 gid=0 items=0 path="/var/run/xen-hotplug/block" pid=4990
scontext=system_u:system_r:fsadm_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:fsadm_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=system_u:object_r:udev_var_run_t:s0 tty=(none) uid=0
Comment 1 LAD 2008-02-25 17:29:55 UTC 
Created attachment 295818 [details]
Printout From the SELinux troubleshooter Browser
Comment 2 Chris Lalancette 2008-02-27 03:57:30 UTC 
We need a little more information than this.  What were you doing at the time
that this happened?  What are the versions of the various packages you are using
(kernel-xen, xen, libvirt, selinux-policy, etc.).  What was the effect of the
SELinux denial?  Finally, please attach /var/log/xen/xend.log and
/var/log/xen/xend-debug.log so we can see what is going on with xend.

Thanks,
Chris Lalancette
Comment 3 Chris Lalancette 2009-01-22 10:49:12 UTC 
This is actually a dup of another bug, 439987.  Closing it as such.

Chris Lalancette

*** This bug has been marked as a duplicate of bug 439987 ***
Note You need to log in before you can comment on or make changes to this bug.