SummarySELinux is preventing /sbin/losetup (fsadm_t) "append" to /var/run/xen-hotplug/block (udev_var_run_t).Detailed DescriptionSELinux denied access requested by /sbin/losetup. It is not expected that this access is required by /sbin/losetup and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.Allowing AccessSometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /var/run/xen-hotplug/block, restorecon -v /var/run/xen-hotplug/block If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.Additional InformationSource Context: system_u:system_r:fsadm_t:SystemLow-SystemHighTarget Context: system_u:object_r:udev_var_run_tTarget Objects: /var/run/xen-hotplug/block [ file ]Affected RPM Packages: util-linux-2.13-0.45.el5_1.1 [application]Policy RPM: selinux-policy-2.4.6-106.el5_1.3Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: PermissivePlugin Name: plugins.catchall_fileHost Name: localhost.localdomainPlatform: Linux localhost.localdomain 2.6.18-53.1.13.el5xen #1 SMP Mon Feb 11 13:56:26 EST 2008 i686 i686Alert Count: 2Line Numbers: Raw Audit Messages :avc: denied { append } for comm="losetup" dev=dm-0 egid=0 euid=0 exe="/sbin/losetup" exit=0 fsgid=0 fsuid=0 gid=0 items=0 path="/var/run/xen-hotplug/block" pid=4990 scontext=system_u:system_r:fsadm_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:fsadm_t:s0-s0:c0.c1023 suid=0 tclass=file tcontext=system_u:object_r:udev_var_run_t:s0 tty=(none) uid=0
Created attachment 295818 [details] Printout From the SELinux troubleshooter Browser
We need a little more information than this. What were you doing at the time that this happened? What are the versions of the various packages you are using (kernel-xen, xen, libvirt, selinux-policy, etc.). What was the effect of the SELinux denial? Finally, please attach /var/log/xen/xend.log and /var/log/xen/xend-debug.log so we can see what is going on with xend. Thanks, Chris Lalancette
This is actually a dup of another bug, 439987. Closing it as such. Chris Lalancette *** This bug has been marked as a duplicate of bug 439987 ***