Souhrn: SELinux is preventing /sbin/blkid "read" access on dm-4. Podrobný popis: [blkid je v toleratním režimu (fsadm_t). Přístup byl povolen.] SELinux denied access requested by blkid. It is not expected that this access is required by blkid and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Povolení přístupu: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Další informace: Kontext zdroje system_u:system_r:fsadm_t:s0-s0:c0.c1023 Kontext cíle system_u:object_r:svirt_image_t:s0:c551,c559 Objekty cíle dm-4 [ blk_file ] Zdroj blkid Cesta zdroje /sbin/blkid Port <Neznámé> Počítač (removed) RPM balíčky zdroje util-linux-ng-2.18-4.fc14 RPM balíčky cíle RPM politiky selinux-policy-3.8.8-20.fc14 Selinux povolen True Typ politiky targeted Vynucovací režim Enforcing Název zásuvného modulu catchall Název počítače (removed) Platforma Linux (removed) 2.6.35.2-9.fc14.x86_64 #1 SMP Tue Aug 17 22:36:15 UTC 2010 x86_64 x86_64 Počet upozornění 2 Poprvé viděno Čt 26. srpen 2010, 20:12:15 CEST Naposledy viděno Čt 26. srpen 2010, 20:12:15 CEST Místní ID 5b6a87eb-34b9-448e-93f5-aa8bd1dbcdea Čísla řádků Původní zprávy auditu node=(removed) type=AVC msg=audit(1282846335.231:40): avc: denied { read } for pid=6062 comm="blkid" name="dm-4" dev=devtmpfs ino=12162 scontext=system_u:system_r:fsadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:svirt_image_t:s0:c551,c559 tclass=blk_file node=(removed) type=AVC msg=audit(1282846335.231:40): avc: denied { open } for pid=6062 comm="blkid" name="dm-4" dev=devtmpfs ino=12162 scontext=system_u:system_r:fsadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:svirt_image_t:s0:c551,c559 tclass=blk_file node=(removed) type=SYSCALL msg=audit(1282846335.231:40): arch=c000003e syscall=2 success=yes exit=3 a0=7fff54b24d99 a1=0 a2=10 a3=0 items=0 ppid=1919 pid=6062 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="blkid" exe="/sbin/blkid" subj=system_u:system_r:fsadm_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,blkid,fsadm_t,svirt_image_t,blk_file,read audit2allow suggests: #============= fsadm_t ============== allow fsadm_t svirt_image_t:blk_file { read open };
Miroslav add optional_policy(` virt_read_blk_images(fsadm_t) ') ######################################## ## <summary> ## Allow domain to read virt blk image files ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`virt_read_blk_images',` gen_require(` attribute virt_image_type; ') read_blk_files_pattern($1, virt_image_type, virt_image_type) ') To F13 Fixed in selinux-policy-3.9.0-1.fc14
selinux-policy-3.9.0-2.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.0-2.fc14
selinux-policy-3.9.0-2.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.0-2.fc14
selinux-policy-3.9.0-2.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.