Bug 976000 - More AVC denials when using netns
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.4
Hardware: All Linux
Priority: urgent
Severity: urgent
Target Milestone: rc
Target Release: ---
Assigned To: Miroslav Grepl
QA Contact: Milos Malik
Keywords: ZStream
Depends On: 972956
 
Reported: 2013-06-19 14:15 EDT by Jan Kurik
Modified: 2013-06-27 14:06 EDT (History)
Doc Type: Bug Fix
Doc Text:
When using Quantum 2013.1.2 with netns support, several SELinux denials were produced. This update allows qemu to manage nova lib files, hald to read svirt images, and AVC denials no longer occur in the described scenario.
Last Closed: 2013-06-27 14:06:34 EDT

Description Jan Kurik 2013-06-19 14:15:54 EDT
This bug has been copied from bug #972956 and has been proposed
to be backported to 6.4 z-stream (EUS).
Comment 4 Miroslav Grepl 2013-06-20 06:55:03 EDT
Does it work with the latest SELinux z-stream builds?
Comment 15 Miroslav Grepl 2013-06-24 08:24:03 EDT
We have in Fedora


optional_policy(`
    openvswitch_read_pid_files(logrotate_t)
    openvswitch_domtrans(logrotate_t)
')


which means we need to update openvswitch policy in RHEL6.
Comment 16 Miroslav Grepl 2013-06-24 08:26:13 EDT
Guys,
what does

# ps -eZ |grep initrc
Comment 17 Ofer Blaut 2013-06-24 08:41:00 EDT
nothing 

[root@puma40 ~]# ps -eZ |grep initrc
[root@puma40 ~]#
Comment 19 Miroslav Grepl 2013-06-24 09:18:49 EDT
I am just working on fixes and on a test build.
Comment 20 Miroslav Grepl 2013-06-24 09:45:59 EDT
There are test builds

http://brewweb.devel.redhat.com/brew/taskinfo?taskID=5938823
Comment 25 errata-xmlrpc 2013-06-27 14:06:34 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1000.html
