Bug 464158 - AVC's while attempting /sbin/service xenner start
AVC's while attempting /sbin/service xenner start
Status: CLOSED DUPLICATE of bug 450723
Product: Fedora
Classification: Fedora
Component: xenner (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Gerd Hoffmann
Fedora Extras Quality Assurance
Depends On:
Blocks: F10Target
  Show dependency treegraph
Reported: 2008-09-26 10:41 EDT by James Laska
Modified: 2013-09-02 02:28 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-09-29 05:45:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description James Laska 2008-09-26 10:41:46 EDT
Description of problem:

xenner fails to start due to AVC denials.

Version-Release number of selected component (if applicable):

Actual results:

# /etc/init.d/xenner start
Starting xenner daemons
  mount -t tmpfs vmcore /var/run/xenner                    [  OK  ]
  evtchnd                                                  [  OK  ]
  xenstored                                                [  OK  ]
connect(unix): Permission denied
socket(tcp): Permission denied
FATAL: Failed to open evtchn device: Permission denied
  chmod 666 /var/run/xenstored/socket*                     [  OK  ]
  xenconsoled                                              [  OK  ]
  blkbackdcan't connect to xenstored
  netbackdcan't connect to xenstored

Expected results:

No AVC denials.

Additional info:

# cat /var/log/audit/audit.log | audit2allow 

#============= dhcpc_t ==============
allow dhcpc_t initrc_exec_t:file getattr;

#============= qemu_t ==============
allow qemu_t fixed_disk_device_t:blk_file { read getattr };

#============= system_dbusd_t ==============
allow system_dbusd_t hi_reserved_port_t:tcp_socket name_bind;
allow system_dbusd_t portmap_port_t:tcp_socket name_connect;

#============= xenstored_t ==============
allow xenstored_t self:tcp_socket create;
allow xenstored_t var_run_t:sock_file write;

 * Note, the setroubleshoot message suggests:

Allowing Access:
You can attempt to fix file context by executing restorecon -v 'evtchnd' 

is that supposed to be showing an absolute path (/var/run/evtchnd)?

 # # restorecon -vR /var/run
restorecon reset /var/run/xenner context unconfined_u:object_r:tmpfs_t:s0->system_u:object_r:xend_var_run_t:s0

The problem remains
Comment 1 Gerd Hoffmann 2008-09-29 05:45:41 EDT

*** This bug has been marked as a duplicate of bug 450723 ***

Note You need to log in before you can comment on or make changes to this bug.