Resúmen: SELinux is preventing the /usr/bin/qemu-kvm from using potentially mislabeled files (/home/juan/Downloads). Descripción Detallada: [SELinux esta en modo permisivo. Este acceso no fue denegado.] SELinux has denied qemu-kvm access to potentially mislabeled file(s) (/home/juan/Downloads). This means that SELinux will not allow qemu-kvm to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Permitiendo Acceso: If you want qemu-kvm to access this files, you need to relabel them using restorecon -v '/home/juan/Downloads'. You might want to relabel the entire directory using restorecon -R -v '<Unknown>'. Información Adicional: Contexto Fuente system_u:system_r:svirt_t:s0:c435,c879 Contexto Destino unconfined_u:object_r:user_home_t:s0 Objetos Destino /home/juan/Downloads [ lnk_file ] Fuente qemu-kvm Dirección de Fuente /usr/bin/qemu-kvm Puerto <Desconocido> Nombre de Equipo (removed) Paquetes RPM Fuentes qemu-system-x86-0.11.0-11.fc12 Paquetes RPM Destinos RPM de Políticas selinux-policy-3.6.32-41.fc12 SELinux Activado True Tipo de Política targeted Modo Obediente Permissive Nombre de Plugin home_tmp_bad_labels Nombre de Equipo (removed) Plataforma Linux (removed) 2.6.31.5-127.fc12.x86_64 #1 SMP Sat Nov 7 21:11:14 EST 2009 x86_64 x86_64 Cantidad de Alertas 1 Visto por Primera Vez mié 18 nov 2009 00:50:02 ART Visto por Última Vez mié 18 nov 2009 00:50:02 ART ID Local 4ac6adc8-b984-4a48-886c-878c368b1cd5 Números de Línea Mensajes de Auditoría Crudos node=(removed) type=AVC msg=audit(1258516202.465:22104): avc: denied { read } for pid=2741 comm="qemu-kvm" name="Downloads" dev=sda3 ino=68780 scontext=system_u:system_r:svirt_t:s0:c435,c879 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=lnk_file node=(removed) type=SYSCALL msg=audit(1258516202.465:22104): arch=c000003e syscall=4 success=yes exit=0 a0=7fffee30b230 a1=7fffee308880 a2=7fffee308880 a3=7fffee308610 items=0 ppid=1 pid=2741 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/bin/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c435,c879 key=(null) Hash String generated from selinux-policy-3.6.32-41.fc12,home_tmp_bad_labels,qemu-kvm,svirt_t,user_home_t,lnk_file,read audit2allow suggests: #============= svirt_t ============== allow svirt_t user_home_t:lnk_file read;
You can add these rules for now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.6.32-59.fc12.noarch
selinux-policy-3.6.32-59.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-59.fc12
selinux-policy-3.6.32-59.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-13384