Hide Forgot
Description of problem: Dan Walsh has seen full details here, and agrees this is a bug, so the report here will be somewhat abbreviated. Basically, with the unconfined module disabled: rlpowell@basti> sudo virsh console vrici Connected to domain vrici Escape character is ^] error: Unable to open stream for '/dev/pts/3': Permission denied which is bad. Version-Release number of selected component (if applicable): 3.9.16-32.fc15 How reproducible: Disable unconfined. Try to virsh console. Additional info: The following module fixes it: rlpowell@basti> cat myvirt.te module myvirt 1.0; require { type virtd_t; type svirt_devpts_t; class chr_file { read write open }; } #============= virtd_t ============== #!!!! This avc can be allowed using the boolean 'allow_daemons_use_tty' allow virtd_t svirt_devpts_t:chr_file open; #!!!! This avc is allowed in the current policy allow virtd_t svirt_devpts_t:chr_file { read write };
Miroslav I have a fix for this in Rawhide. Needs to be back ported to RHEL6 also.
Fixed in selinux-policy-3.9.16-34.fc15
selinux-policy-3.9.16-34.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-34.fc15
Package selinux-policy-3.9.16-34.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.16-34.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-34.fc15 then log in and leave karma (feedback).
Looking good, thank you! -Robin
selinux-policy-3.9.16-34.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.