Hi,
I found an issue with an SELinux denial when trying to deploy hosted-engine from
oVirt 3.5.1 on Fedora 20 with libvirtd from @updates.

The issue is:
time->Tue Mar 31 17:45:09 2015
type=PROCTITLE msg=audit(1427816709.311:914): proctitle=2F7362696E2F6C64636F6E666967002D70
type=SYSCALL msg=audit(1427816709.311:914): arch=c000003e syscall=59 success=yes exit=0 a0=23f9af0 a1=23f9bf0 a2=23f8b60 a3=7ffcc784f150 items=0 ppid=7037 pid=7038 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ldconfig" exe="/usr/sbin/ldconfig" subj=system_u:system_r:ldconfig_t:s0 key=(null)
type=AVC msg=audit(1427816709.311:914): avc:  denied  { write } for  pid=7038 comm="ldconfig" path="/dev/vport2p1" dev="devtmpfs" ino=9984 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:virtio_device_t:s0 tclass=chr_file permissive=0

and /dev/vport2p1 seems to be badly labeled:
crw-rw----. ovirtagent ovirtagent system_u:object_r:virtio_device_t:s0 /dev/vport2p1

I was using:
libvirt-daemon.x86_64            1.1.3.9-1.fc20     @updates
selinux-policy.noarch            3.12.1-197.fc20    @updates                    
selinux-policy-targeted.noarch   3.12.1-197.fc20    @updates 

The issue doesn't reproduce when enabling the virt-preview repo and using a fresher
libvirtd.

Should I open a bug to have something back-ported on f20 libvirt or should we 
explicitly require virt-preview repo for oVirt 3.5.2 as we are doing for master?

ciao,
Simone
_______________________________________________
Devel mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/devel
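
An added example, not part of the original message: a small Python parser that groups the audit records quoted above by serial number, decodes the hex-encoded proctitle, and extracts the SELinux source type, target type, class and permission for triage. SAMPLE is the message's three records with the e-mail line wrapping undone; the function names are illustrative.

```python
import re

# Constructed sample: the records quoted in the message, e-mail wrapping undone.
SAMPLE = """\
type=PROCTITLE msg=audit(1427816709.311:914): proctitle=2F7362696E2F6C64636F6E666967002D70
type=SYSCALL msg=audit(1427816709.311:914): arch=c000003e syscall=59 success=yes exit=0 a0=23f9af0 a1=23f9bf0 a2=23f8b60 a3=7ffcc784f150 items=0 ppid=7037 pid=7038 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ldconfig" exe="/usr/sbin/ldconfig" subj=system_u:system_r:ldconfig_t:s0 key=(null)
type=AVC msg=audit(1427816709.311:914): avc:  denied  { write } for  pid=7038 comm="ldconfig" path="/dev/vport2p1" dev="devtmpfs" ino=9984 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:virtio_device_t:s0 tclass=chr_file permissive=0
"""

EVENT = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}")

def decode_proctitle(value):
    """Return argv: auditd hex-encodes the NUL-separated command line."""
    if value.startswith('"'):
        return [value.strip('"')]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace").split("\x00")
    except ValueError:  # e.g. "(null)": keep the raw value
        return [value]

def parse_events(text):
    """Merge all records sharing an audit serial number into one dict."""
    events = {}
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ev = events.setdefault(int(m.group(2)), {})
        body = line[m.end():]
        raw = dict(KV.findall(body))
        if "proctitle" in raw:
            ev["argv"] = decode_proctitle(raw.pop("proctitle"))
        avc = AVC.search(body)
        if avc:
            ev["result"], ev["perms"] = avc.group(1), avc.group(2).split()
        ev.update({k: v.strip('"') for k, v in raw.items()})
    return events

def summarize(ev):
    """Reduce a merged AVC event to the fields needed for triage."""
    return {"source_type": ev["scontext"].split(":")[2],
            "target_type": ev["tcontext"].split(":")[2],
            "tclass": ev["tclass"], "perms": ev["perms"], "path": ev.get("path"),
            "argv": ev.get("argv"), "enforced": ev.get("permissive") == "0"}

if __name__ == "__main__":
    for serial, ev in parse_events(SAMPLE).items():
        if "scontext" in ev:
            print(serial, summarize(ev))
```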
