Description of problem:
SELinux is preventing /sbin/losetup (fsadm_t) "append" to /var/run/xen-hotplug/block (udev_var_run_t).

Version-Release number of selected component (if applicable):

Source Context: system_u:system_r:fsadm_t:SystemLow-SystemHigh
Target Context: system_u:object_r:udev_var_run_t
Target Objects: /var/run/xen-hotplug/block [ file ]
Affected RPM Packages: util-linux-2.13-0.45.el5 [application]
Policy RPM: selinux-policy-2.4.6-104.el5
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.catchall_file
Host Name: host.domain.com
Platform: Linux host.domain.com 2.6.18-53.el5xen #1 SMP Mon Nov 12 02:46:57 EST 2007 x86_64 x86_64
Alert Count: 261
Line Numbers:

Raw Audit Messages:

avc: denied { append } for comm="losetup" dev=sda3 egid=0 euid=0 exe="/sbin/losetup" exit=0 fsgid=0 fsuid=0 gid=0 items=0 path="/var/run/xen-hotplug/block" pid=5435 scontext=system_u:system_r:fsadm_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:fsadm_t:s0-s0:c0.c1023 suid=0 tclass=file tcontext=system_u:object_r:udev_var_run_t:s0 tty=(none) uid=0

How reproducible:

Steps to Reproduce:
1. run centos on xen
2.
3.

Actual results:

Expected results:

Additional info:
The guest OS is CentOS 5.1.

I think this is fixed in the u2 policy preview up on http://people.redhat.com/dwalsh/SELinux/RHEL5

Daniel,

I have updated my policy (106) to the 137 release. I am now able to create a full virt DomU to a disk image file. Good work.

Keith