Bug 490305 - SELinux denies multiple functions in VMware guest
SELinux denies multiple functions in VMware guest
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On: 490252
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-14 23:20 EDT by Allen Kistler
Modified: 2009-03-16 11:20 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-03-16 11:20:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
vmware-related AVC denial records from audit.log (37.49 KB, text/plain)
2009-03-14 23:20 EDT, Allen Kistler
no flags Details
vmware-related AVC denial records from audit.log (38.66 KB, text/plain)
2009-03-15 12:51 EDT, Allen Kistler
no flags Details

  None (edit)
Description Allen Kistler 2009-03-14 23:20:31 EDT
Created attachment 335239 [details]
vmware-related AVC denial records from audit.log

Description of problem:
F11-Alpha running inside VMware Workstation has VMwareTools installed.  vmware-guestd, vmware-user, and a few other binaries running with context vmware_host_t get denied for lots of things by SELinux.

Version-Release number of selected component (if applicable):
selinux-policy-3.6.8-3.fc11

How reproducible:
Always

Steps to Reproduce:
1. Run vmware-tools from it's init script, typically on boot
2. Look in the audit.log or the setroubleshoot browser
  
Actual results:
Lots of AVC denial records (see attachment)

Expected results:
No AVC denial records

Additional info:
Some of the type enforcement is additionally denied by constraints reported in Bug 490252.

The attachment includes only those things I've seen so far, of course.
Comment 1 Allen Kistler 2009-03-15 12:51:25 EDT
Created attachment 335262 [details]
vmware-related AVC denial records from audit.log

Updated list of log records
Comment 2 Daniel Walsh 2009-03-16 11:20:02 EDT
Fixed in selinux-policy-3.6.9-2.fc11.noarch

Note You need to log in before you can comment on or make changes to this bug.