Bug 867395 - [selinux-policy] AVC when trying to start qemu-kvm domain (guest) on posix compliant file-system
Summary: [selinux-policy] AVC when trying to start qemu-kvm domain (guest) on posix co...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.4
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Miroslav Grepl
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On: 835936
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-10-17 12:40 UTC by RHEL Program Management
Modified: 2013-01-11 11:34 UTC (History)
14 users (show)

Fixed In Version: selinux-policy-3.7.19-155.el6_3.6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-11-08 19:05:15 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:1441 0 normal SHIPPED_LIVE selinux-policy bug fix update 2012-11-09 00:00:15 UTC

Description RHEL Program Management 2012-10-17 12:40:43 UTC
This bug has been copied from bug #835936 and has been proposed
to be backported to 6.3 z-stream (EUS).

Comment 4 Miroslav Grepl 2012-10-18 12:40:44 UTC
Fixed in selinux-policy-3.7.19-155.el6_3.6

Comment 6 Anush Shetty 2012-10-23 12:35:42 UTC
On RHEL 6.3 hypervisor, we updated the selinux-policy and selinux-policy-targeted rpm and the enabled the sanlock_use_fusefs and virt_use_fusefs booleans. With selinux in enforcing mode, we were able to create VMs and migrate VMs. So moving this bug to verified.
     
    [root@rhs-gp-srv2 ~]# getsebool -a | grep fusefs
    samba_share_fusefs --> off
    sanlock_use_fusefs --> on
    use_fusefs_home_dirs --> off
    virt_use_fusefs --> on
     
     
    [root@rhs-gp-srv2 ~]# sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy version:                 24
    Policy from config file:        targeted
     
     
    [root@rhs-gp-srv2 ~]# rpm -qa | grep -i selinux
    libselinux-python-2.0.94-5.3.el6.x86_64
    selinux-policy-3.7.19-155.el6_3.6.noarch
    libselinux-2.0.94-5.3.el6.x86_64
    selinux-policy-targeted-3.7.19-155.el6_3.6.noarch
    libselinux-utils-2.0.94-5.3.el6.x86_64

Comment 9 errata-xmlrpc 2012-11-08 19:05:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-1441.html


Note You need to log in before you can comment on or make changes to this bug.