First Last Prev Next    This bug is not in your last search results.
Bug 446552 - SELinux is preventing /sbin/losetup (fsadm_t) "append" to /var/run/xen-hotplug/block (udev_var_run_t).
SELinux is preventing /sbin/losetup (fsadm_t) "append" to /var/run/xen-hotplu...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.1
x86_64 Linux
low Severity low
: rc
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-14 22:14 EDT by Rahadi Kurniawan
Modified: 2008-05-23 15:34 EDT (History)
1 user (show)

See Also:
Fixed In Version: u2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-23 15:34:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Rahadi Kurniawan 2008-05-14 22:14:35 EDT 
Description of problem:
SELinux is preventing /sbin/losetup (fsadm_t) "append" to
/var/run/xen-hotplug/block (udev_var_run_t).

Version-Release number of selected component (if applicable):
Source Context:  system_u:system_r:fsadm_t:SystemLow-SystemHighTarget
Context:  system_u:object_r:udev_var_run_tTarget
Objects:  /var/run/xen-hotplug/block [ file ]Affected RPM
Packages:  util-linux-2.13-0.45.el5 [application]Policy
RPM:  selinux-policy-2.4.6-104.el5Selinux Enabled:  TruePolicy
Type:  targetedMLS Enabled:  TrueEnforcing Mode:  EnforcingPlugin
Name:  plugins.catchall_fileHost Name:  host.domain.com Platform:  Linux
host.domain.com 2.6.18-53.el5xen #1 SMP Mon Nov 12 02:46:57 EST 2007 x86_64
x86_64Alert Count:  261Line Numbers:   Raw Audit Messages :avc: denied { append
} for comm="losetup" dev=sda3 egid=0 euid=0 exe="/sbin/losetup" exit=0 fsgid=0
fsuid=0 gid=0 items=0 path="/var/run/xen-hotplug/block" pid=5435
scontext=system_u:system_r:fsadm_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:fsadm_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=system_u:object_r:udev_var_run_t:s0 tty=(none) uid=0 

How reproducible:


Steps to Reproduce:
1. run centos on xen
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Rahadi Kurniawan 2008-05-14 22:15:17 EDT 
the guest os is centos 5.1
Comment 2 Daniel Walsh 2008-05-15 14:40:25 EDT 
I think this is fixed in u2 policy

preview up on 

http://people.redhat.com/dwalsh/SELinux/RHEL5
Comment 3 K Schincke 2008-05-22 23:28:10 EDT 
Daniel,

I have updated my policy (106) to the 137 release. I am now able to create a
full virt DomU to a disk image file. 

Good work

Keith
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.