678293 – selinux permission problem in save restore flow

Bug 678293 - selinux permission problem in save restore flow

Summary: selinux permission problem in save restore flow

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	6.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Laine Stump
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-02-17 13:37 UTC by Moran Goldboim
Modified:	2011-04-14 05:49 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-03-01 16:39:56 UTC
Target Upstream Version:

Attachments	(Terms of Use)
libvirt log (1009.15 KB, text/plain) 2011-02-17 13:37 UTC, Moran Goldboim	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Moran Goldboim 2011-02-17 13:37:59 UTC

Created attachment 479324 [details]
libvirt log

Description of problem:
trying to save restore a domain using rhevm/vdsm domain wasn't coming back after restore:
type=AVC msg=audit(1297949226.201:7881): avc:  denied  { relabelfrom } for  pid=8345 comm="libvirtd" name="" dev=pipefs ino=3649275 scontext=unconfined_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:virtd_t:s0-s0:c0.c1023 tclass=fifo_file

Version-Release number of selected component (if applicable):
libvirt-0.8.7-6.el6.x86_64
vdsm-4.9-48.el6.x86_64
kernel-2.6.32-94.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1.start a vm 
2.save it
3.restore it
  
Actual results:
domain isn't restarted

Expected results:


Additional info:
disabling selinux operation is working

Comment 3 Haim 2011-03-01 16:39:56 UTC

works on latest builds with new selinux policy on both nfs and iscsi.

packages listed below:

libvirt-0.8.7-8.el6.x86_64
vdsm-4.9-51.1.el6.x86_64
libselinux-ruby-2.0.94-3.el6.x86_64
libselinux-debuginfo-2.0.94-3.el6.x86_64
selinux-policy-targeted-3.7.19-70.el6.noarch
libselinux-2.0.94-3.el6.x86_64
libselinux-utils-2.0.94-3.el6.x86_64
libselinux-python-2.0.94-3.el6.x86_64
libselinux-static-2.0.94-3.el6.x86_64
selinux-policy-3.7.19-70.el6.noarch
libselinux-devel-2.0.94-3.el6.x86_64

Note You need to log in before you can comment on or make changes to this bug.