Bug 436882 - "qemu-kvm -smb dir" throws AVCs, fails in enforcing mode
"qemu-kvm -smb dir" throws AVCs, fails in enforcing mode
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: kvm (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Jeremy Katz
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-10 17:54 EDT by Tom London
Modified: 2008-03-11 17:57 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-11 17:57:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
/var/log/audit/audit.log with "qemu-kvm -smb" troubles (29.23 KB, text/plain)
2008-03-10 17:55 EDT, Tom London
no flags Details

  None (edit)
Description Tom London 2008-03-10 17:54:20 EDT
Description of problem:
Running "qemu-kvm -smb ~/dir" generates lots of AVCs and quickly fails.

Putting system in permissive mode produces (full audit.log attached):

#============= qemu_t ==============
allow qemu_t cupsd_t:unix_stream_socket connectto;
allow qemu_t cupsd_var_run_t:sock_file { write getattr };
allow qemu_t inotifyfs_t:dir read;
allow qemu_t random_device_t:chr_file read;
allow qemu_t self:netlink_route_socket { write getattr read bind create
nlmsg_read };
allow qemu_t smbd_exec_t:file { read execute execute_no_trans };
allow qemu_t sysctl_kernel_t:dir search;
allow qemu_t sysctl_kernel_t:file read;
allow qemu_t tmp_t:dir { write create add_name };
allow qemu_t tmp_t:file { write getattr setattr read lock create append };
allow qemu_t urandom_device_t:chr_file read;
allow qemu_t user_home_t:file { read append };


Version-Release number of selected component (if applicable):
kvm-63-2.fc9.i386
selinux-policy-3.3.1-12.fc9.noarch

How reproducible:
Every time

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Tom London 2008-03-10 17:55:49 EDT
Created attachment 297525 [details]
/var/log/audit/audit.log with "qemu-kvm -smb" troubles
Comment 2 Daniel Walsh 2008-03-11 17:57:20 EDT
I hate this type of thing,   But...
Fixed in selinux-policy-3.3.1-14.fc9

Note You need to log in before you can comment on or make changes to this bug.