Bug 859395 - $HOME/.cache/libvirt/qemu/log is not labelled correctly
Summary: $HOME/.cache/libvirt/qemu/log is not labelled correctly
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 18
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-09-21 12:42 UTC by Richard W.M. Jones
Modified: 2012-12-15 19:17 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2012-12-15 19:17:02 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Richard W.M. Jones 2012-09-21 12:42:45 UTC
Description of problem:

Probably best just to read Dan's description of the problem here:

https://www.redhat.com/archives/libvir-list/2012-September/msg01546.html

Comment 1 Miroslav Grepl 2012-09-21 12:49:42 UTC
# rpm -q selinux-policy

Comment 2 Richard W.M. Jones 2012-09-21 12:55:15 UTC
I'm using:
selinux-policy-3.11.1-7.fc18.noarch

However the question is whether upstream selinux-policy
knows about .cache/libvirt and .config/libvirt.

By the way, I've no idea how these should be labelled,
just that changing the labels makes libvirt logging work
(with Dan's patch).

Comment 3 Daniel Walsh 2012-09-26 20:45:08 UTC
 matchpathcon /home/rjones/.cache/libvirt/qemu/log/guestfs-wd6efsxohmy5jd2s.log
/home/rjones/.cache/libvirt/qemu/log/guestfs-wd6efsxohmy5jd2s.log	unconfined_u:object_r:svirt_home_t:s0


On my F18 box. 

So the proper labels are in place.  The problem is Rawhide not getting the latest policy from F18.

Comment 4 Richard W.M. Jones 2012-09-26 20:57:28 UTC
I found that restorecon -F -R -v ~/.cache fixed this
problem (once I'd manually downloaded and installed the
latest selinux-policy).

Note I had to use the '-F' option.  That wasn't completely
obvious, but it turned out to have something to do with
svirt_home_t being a "customizable type".


Note You need to log in before you can comment on or make changes to this bug.