Bug 988996 - SELinux is preventing /usr/bin/qemu-system-x86_64 from 'read' accesses on the file /home/ramtech/vms/win7.img.
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: libvirt
Version: 19
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Libvirt Maintainers
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:73b8315a59abeee67870efe96ff...
Depends On:
Blocks:
Reported: 2013-07-26 21:01 UTC by nospam
Modified: 2023-09-14 01:48 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-30 22:15:42 UTC
Type: ---
Embargoed:



Description nospam 2013-07-26 21:01:20 UTC
Description of problem:
Happened during Windows 7 VM 
SELinux is preventing /usr/bin/qemu-system-x86_64 from 'read' accesses on the file /home/ramtech/vms/win7.img.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that qemu-system-x86_64 should be allowed read access on the win7.img file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-system-x86 /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c653,c780
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                /home/ramtech/vms/win7.img [ file ]
Source                        qemu-system-x86
Source Path                   /usr/bin/qemu-system-x86_64
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           qemu-system-x86-1.4.2-4.fc19.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-65.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 3.9.9-302.fc19.x86_64 #1 SMP Sat
                              Jul 6 13:41:07 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2013-07-26 22:58:58 CEST
Last Seen                     2013-07-26 22:58:58 CEST
Local ID                      6181b3cb-3132-4dc1-903b-bde65433837d

Raw Audit Messages
type=AVC msg=audit(1374872338.920:491): avc:  denied  { read } for  pid=2588 comm="qemu-system-x86" path="/home/ramtech/vms/win7.img" dev="sda5" ino=21102824 scontext=system_u:system_r:svirt_t:s0:c653,c780 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file


type=SYSCALL msg=audit(1374872338.920:491): arch=x86_64 syscall=preadv success=yes exit=131072 a0=d a1=7fc7d1bc2370 a2=2 a3=1ca9ed000 items=0 ppid=1 pid=2588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=qemu-system-x86 exe=/usr/bin/qemu-system-x86_64 subj=system_u:system_r:svirt_t:s0:c653,c780 key=(null)

Hash: qemu-system-x86,svirt_t,user_home_t,file,read

Additional info:
reporter:       libreport-2.1.5
hashmarkername: setroubleshoot
kernel:         3.9.9-302.fc19.x86_64
type:           libreport

Comment 1 Daniel Walsh 2013-07-28 00:04:22 UTC
Seems to be a libvirt bug since the img file is not labeled correctly.

Comment 2 Cole Robinson 2013-08-30 22:15:42 UTC
Thanks for the report, however we need more info.

How did you create the VM (what tool)?
How did you start the VM?
Is this reproducible every time?

Please reopen and provide that information.

Comment 3 Red Hat Bugzilla 2023-09-14 01:48:26 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days

