Bug 446552 - SELinux is preventing /sbin/losetup (fsadm_t) "append" to /var/run/xen-hotplug/block (udev_var_run_t).
SELinux is preventing /sbin/losetup (fsadm_t) "append" to /var/run/xen-hotplu...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.1
x86_64 Linux
low Severity low
: rc
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-14 22:14 EDT by Rahadi Kurniawan
Modified: 2008-05-23 15:34 EDT (History)
1 user (show)

See Also:
Fixed In Version: u2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-23 15:34:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Rahadi Kurniawan 2008-05-14 22:14:35 EDT
Description of problem:
SELinux is preventing /sbin/losetup (fsadm_t) "append" to
/var/run/xen-hotplug/block (udev_var_run_t).

Version-Release number of selected component (if applicable):
Source Context:  system_u:system_r:fsadm_t:SystemLow-SystemHighTarget
Context:  system_u:object_r:udev_var_run_tTarget
Objects:  /var/run/xen-hotplug/block [ file ]Affected RPM
Packages:  util-linux-2.13-0.45.el5 [application]Policy
RPM:  selinux-policy-2.4.6-104.el5Selinux Enabled:  TruePolicy
Type:  targetedMLS Enabled:  TrueEnforcing Mode:  EnforcingPlugin
Name:  plugins.catchall_fileHost Name:  host.domain.com Platform:  Linux
host.domain.com 2.6.18-53.el5xen #1 SMP Mon Nov 12 02:46:57 EST 2007 x86_64
x86_64Alert Count:  261Line Numbers:   Raw Audit Messages :avc: denied { append
} for comm="losetup" dev=sda3 egid=0 euid=0 exe="/sbin/losetup" exit=0 fsgid=0
fsuid=0 gid=0 items=0 path="/var/run/xen-hotplug/block" pid=5435
scontext=system_u:system_r:fsadm_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:fsadm_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=system_u:object_r:udev_var_run_t:s0 tty=(none) uid=0 

How reproducible:


Steps to Reproduce:
1. run centos on xen
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Rahadi Kurniawan 2008-05-14 22:15:17 EDT
the guest os is centos 5.1
Comment 2 Daniel Walsh 2008-05-15 14:40:25 EDT
I think this is fixed in u2 policy

preview up on 

http://people.redhat.com/dwalsh/SELinux/RHEL5
Comment 3 K Schincke 2008-05-22 23:28:10 EDT
Daniel,

I have updated my policy (106) to the 137 release. I am now able to create a
full virt DomU to a disk image file. 

Good work

Keith

Note You need to log in before you can comment on or make changes to this bug.