Bug 859395 - $HOME/.cache/libvirt/qemu/log is not labelled correctly
$HOME/.cache/libvirt/qemu/log is not labelled correctly
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-09-21 08:42 EDT by Richard W.M. Jones
Modified: 2012-12-15 14:17 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-12-15 14:17:02 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Richard W.M. Jones 2012-09-21 08:42:45 EDT
Description of problem:

Probably best just to read Dan's description of the problem here:

Comment 1 Miroslav Grepl 2012-09-21 08:49:42 EDT
# rpm -q selinux-policy
Comment 2 Richard W.M. Jones 2012-09-21 08:55:15 EDT
I'm using:

However the question is whether upstream selinux-policy
knows about .cache/libvirt and .config/libvirt.

By the way, I've no idea how these should be labelled,
just that changing the labels makes libvirt logging work
(with Dan's patch).
Comment 3 Daniel Walsh 2012-09-26 16:45:08 EDT
 matchpathcon /home/rjones/.cache/libvirt/qemu/log/guestfs-wd6efsxohmy5jd2s.log
/home/rjones/.cache/libvirt/qemu/log/guestfs-wd6efsxohmy5jd2s.log	unconfined_u:object_r:svirt_home_t:s0

On my F18 box. 

So the proper labels are in place.  The problem is Rawhide not getting the latest policy from F18.
Comment 4 Richard W.M. Jones 2012-09-26 16:57:28 EDT
I found that restorecon -F -R -v ~/.cache fixed this
problem (once I'd manually downloaded and installed the
latest selinux-policy).

Note I had to use the '-F' option.  That wasn't completely
obvious, but it turned out to have something to do with
svirt_home_t being a "customizable type".

Note You need to log in before you can comment on or make changes to this bug.