Description of problem: Running "qemu-kvm -smb ~/dir" generates lots of AVCs and quickly fails. Putting system in permissive mode produces (full audit.log attached): #============= qemu_t ============== allow qemu_t cupsd_t:unix_stream_socket connectto; allow qemu_t cupsd_var_run_t:sock_file { write getattr }; allow qemu_t inotifyfs_t:dir read; allow qemu_t random_device_t:chr_file read; allow qemu_t self:netlink_route_socket { write getattr read bind create nlmsg_read }; allow qemu_t smbd_exec_t:file { read execute execute_no_trans }; allow qemu_t sysctl_kernel_t:dir search; allow qemu_t sysctl_kernel_t:file read; allow qemu_t tmp_t:dir { write create add_name }; allow qemu_t tmp_t:file { write getattr setattr read lock create append }; allow qemu_t urandom_device_t:chr_file read; allow qemu_t user_home_t:file { read append }; Version-Release number of selected component (if applicable): kvm-63-2.fc9.i386 selinux-policy-3.3.1-12.fc9.noarch How reproducible: Every time Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Created attachment 297525 [details] /var/log/audit/audit.log with "qemu-kvm -smb" troubles
I hate this type of thing, But... Fixed in selinux-policy-3.3.1-14.fc9