Bug 741567 - SELinux prevents write access to /dev/sr0 (CDROM)
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: qemu
Version: 15
Hardware: x86_64 Linux
Priority: unspecified
Severity: medium
Assigned To: Fedora Virtualization Maintainers
QA Contact: Fedora Extras Quality Assurance

Reported: 2011-09-27 06:02 EDT by Martin Wilck
Modified: 2013-01-09 19:23 EST
Doc Type: Bug Fix
Last Closed: 2012-05-28 19:55:25 EDT
Attachments:
screenshot of sealert (69.11 KB, image/png), 2011-09-27 06:02 EDT, Martin Wilck

Description Martin Wilck 2011-09-27 06:02:36 EDT
Created attachment 525078
screenshot of sealert

Description of problem:
SELinux is preventing /usr/bin/qemu-kvm from write access on the blk_file sr0. For complete SELinux messages. run sealert -l 0ebd25db-0a0a-4762-b0a0-80df675300cf

sealert -l 0ebd25db-0a0a-4762-b0a0-80df675300cf

SELinux is preventing /usr/bin/qemu-kvm from write access on the blk_file sr0.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that qemu-kvm should be allowed write access on the sr0 blk_file by default.
Then you should report this as a bug.

Version-Release number of selected component (if applicable):
qemu-kvm-0.14.0-7.fc15
selinux-policy-targeted-3.9.16-26.fc15

From audit.log:

type=AVC msg=audit(1317114972.590:4035): avc:  denied  { write } for  pid=12144 comm="qemu-kvm" name="sr0" dev=devtmpfs ino=1199 scontext=system_u:system_r:svirt_t:s0:c723,c875 tcontext=system_u:object_r:virt_content_t:s0 tclass=blk_file

How reproducible:
always

Steps to Reproduce:
1. Start VM with CD-ROM "disconnected" (qemu is accessing /dev/sr0 physical CD-ROM driver, CD is inserted).
2. When guest OS asks for CD insertion, click on "connect" in virt-manager CD-ROM tab

Actual results:
Permission denied error (see above).

Expected results:
This basic operation should be possible.

Additional info:
Strace of qemu shows that it is requesting RW access on the CD-ROM drive although the device is configured as readonly device.
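
An added example, not part of the original report and not qemu or libvirt code: a small parser for the AVC record quoted above that tells an MCS category mismatch apart from a type-enforcement denial. It assumes the usual sVirt labelling in which read-only guest media are typed virt_content_t; the function names and result strings are made up for this illustration.

```python
import re
import shlex

# AVC record copied from this report's audit.log, embedded so the example runs offline.
SAMPLE = (
    'type=AVC msg=audit(1317114972.590:4035): avc:  denied  { write } for  '
    'pid=12144 comm="qemu-kvm" name="sr0" dev=devtmpfs ino=1199 '
    'scontext=system_u:system_r:svirt_t:s0:c723,c875 '
    'tcontext=system_u:object_r:virt_content_t:s0 tclass=blk_file'
)

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)'
)

def split_context(ctx):
    """Split user:role:type:level; the level may carry MCS categories after a ':'."""
    user, role, setype, level = ctx.split(":", 3)
    sensitivity, _, cats = level.partition(":")
    # Simplification: comma-separated categories only, no c0.c1023 ranges.
    return {"user": user, "role": role, "type": setype, "sensitivity": sensitivity,
            "categories": set(cats.split(",")) if cats else set()}

def parse_avc(line):
    """Return the record's key=value fields plus parsed source/target contexts."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    # shlex strips the quotes around values such as comm="qemu-kvm".
    rec = dict(tok.split("=", 1) for tok in shlex.split(m["fields"]) if "=" in tok)
    rec.update(result=m["result"], perms=m["perms"].split(),
               source=split_context(rec["scontext"]),
               target=split_context(rec["tcontext"]))
    return rec

def diagnose(rec):
    """Classify a denial under the assumed sVirt labelling scheme."""
    src, tgt = rec["source"], rec["target"]
    if not tgt["categories"] <= src["categories"]:
        return "mcs-category-mismatch"    # object carries categories the guest lacks
    if tgt["type"] == "virt_content_t" and "write" in rec["perms"]:
        return "write-to-readonly-label"  # type enforcement, not MCS
    return "other-type-enforcement"

if __name__ == "__main__":
    rec = parse_avc(SAMPLE)
    print(rec["comm"], rec["perms"], rec["tclass"], "->", diagnose(rec))
```

For the record in this report the target has no categories, so the guest's c723,c875 pair is not what blocks the access; the denial comes from the write permission on the virt_content_t type.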
Comment 1 Fedora Admin XMLRPC Client 2012-03-15 13:54:10 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 2 Cole Robinson 2012-05-28 19:55:25 EDT
This is fixed in Fedora 16 and later AIUI, but it needed some qemu cooperation which won't be backported, since F15 is end of life in a month. If you are still seeing this issue with a more recent Fedora, please reopen this report.