View Issue Details

IDProjectCategoryView StatusLast Update
0015256CentOS-7selinux-policypublic2018-09-24 16:06
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015256: SELinux is preventing /usr/libexec/qemu-kvm from 'open' accesses on the Datei /run/udev/data/+usb:9-2:2.1.
DescriptionDescription of problem:
usb host device attach to vm
SELinux is preventing /usr/libexec/qemu-kvm from 'open' accesses on the Datei /run/udev/data/+usb:9-2:2.1.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that qemu-kvm should be allowed open access on the +usb:9-2:2.1 file by default.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, k├Ânnen Sie ein lokales Richtlinien-Modul erstellen.
allow this access for now by executing:
# ausearch -c 'qemu-kvm' --raw | audit2allow -M my-qemukvm
# semodule -i my-qemukvm.pp

Additional Information:
Source Context system_u:system_r:svirt_t:s0:c381,c724
Target Context system_u:object_r:udev_var_run_t:s0
Target Objects /run/udev/data/+usb:9-2:2.1 [ file ]
Source qemu-kvm
Source Path /usr/libexec/qemu-kvm
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-192.el7_5.6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-862.11.6.el7.x86_64 #1 SMP
                              Tue Aug 14 21:49:04 UTC 2018 x86_64 x86_64
Alert Count 3
First Seen 2018-09-09 10:22:24 CEST
Last Seen 2018-09-09 10:22:24 CEST
Local ID 8b982fb1-e5fc-4817-a1cf-925a9e5b8cf7

Raw Audit Messages
type=AVC msg=audit(1536481344.484:868): avc: denied { open } for pid=1735 comm="qemu-kvm" path="/run/udev/data/+usb:9-2:2.1" dev="tmpfs" ino=14155 scontext=system_u:system_r:svirt_t:s0:c381,c724 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file

Hash: qemu-kvm,svirt_t,udev_var_run_t,file,open

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-862.11.6.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-09-09 08:37 azalguul New Issue