Hide Forgot
Summary: SELinux is preventing /usr/libexec/qemu-kvm "getattr" access on /var/lib/libvirt/images/windows_7_32.img. Detailed Description: SELinux denied access requested by qemu-kvm. It is not expected that this access is required by qemu-kvm and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:svirt_t:s0:c310,c710 Target Context system_u:object_r:virt_image_t:s0 Target Objects /var/lib/libvirt/images/windows_7_32.img [ file ] Source qemu-kvm Source Path /usr/libexec/qemu-kvm Port <Unknown> Host (removed) Source RPM Packages qemu-kvm-0.12.1.2-2.113.el6_0.8 Target RPM Packages Policy RPM selinux-policy-3.7.19-54.el6_0.5 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux jeeves.2wire313.net 2.6.32-71.24.1.el6.x86_64 #1 SMP Sat Mar 26 16:05:19 EDT 2011 x86_64 x86_64 Alert Count 1 First Seen Sat 07 May 2011 10:27:34 AM EDT Last Seen Sat 07 May 2011 10:27:34 AM EDT Local ID f45b93bc-040c-4434-b161-79443b60aedb Line Numbers Raw Audit Messages node=jeeves.2wire313.net type=AVC msg=audit(1304778454.445:51): avc: denied { getattr } for pid=11249 comm="qemu-kvm" path="/var/lib/libvirt/images/windows_7_32.img" dev=dm-3 ino=705321 scontext=system_u:system_r:svirt_t:s0:c310,c710 tcontext=system_u:object_r:virt_image_t:s0 tclass=file node=jeeves.2wire313.net type=SYSCALL msg=audit(1304778454.445:51): arch=c000003e syscall=4 success=no exit=-13 a0=1f8fe60 a1=7fff5fa295c0 a2=7fff5fa295c0 a3=1 items=0 ppid=1 pid=11249 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c310,c710 key=(null) Hash String generated from catchall,qemu-kvm,svirt_t,virt_image_t,file,getattr audit2allow suggests: #============= svirt_t ============== allow svirt_t virt_image_t:file getattr;
Since RHEL 6.1 External Beta has begun, and this bug remains unresolved, it has been rejected as it is not proposed as exception or blocker. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
This looks like a labeling issue? Any idea how this happened? Was /var/lib/libvirt/images/windows_7_32.img related to the virtual machine you were running?