View Issue Details

IDProjectCategoryView StatusLast Update
0017404CentOS-7selinux-policypublic2020-05-27 06:45
Reportermmarcinb2020 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0017404: SELinux is preventing /usr/libexec/qemu-kvm from 'read' accesses on the plik +usb:2-7:1.0.
DescriptionDescription of problem:
SELinux is preventing /usr/libexec/qemu-kvm from 'read' accesses on the plik +usb:2-7:1.0.

***** Plugin qemu_file_image (91.4 confidence) suggests *******************

Jeśli +usb:2-7:1.0 jest celem wirtualizacji
Then należy zmienić etykietę +usb:2-7:1.0'
Do
# semanage fcontext -a -t virt_image_t '+usb:2-7:1.0'
# restorecon -v '+usb:2-7:1.0'

***** Plugin catchall (9.59 confidence) suggests **************************

Aby qemu-kvm powinno mieć domyślnie read dostęp do +usb:2-7:1.0 file.
Then proszę to zgłosić jako błąd.
Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp.
Do
można tymczasowo zezwolić na ten dostęp wykonując polecenia:
# ausearch -c 'qemu-kvm' --raw | audit2allow -M my-qemukvm
# semodule -i my-qemukvm.pp

Additional Information:
Source Context system_u:system_r:svirt_t:s0:c8,c230
Target Context system_u:object_r:udev_var_run_t:s0
Target Objects +usb:2-7:1.0 [ file ]
Source qemu-kvm
Source Path /usr/libexec/qemu-kvm
Port <Unknown>
Host (removed)
Source RPM Packages qemu-kvm-1.5.3-173.el7_8.3.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-266.el7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-1127.8.2.el7.x86_64 #1 SMP
                              Tue May 12 16:57:42 UTC 2020 x86_64 x86_64
Alert Count 7
First Seen 2020-05-27 08:27:10 CEST
Last Seen 2020-05-27 08:27:10 CEST
Local ID e1aea53a-1a9d-4154-9b6d-67f545d32041

Raw Audit Messages
type=AVC msg=audit(1590560830.813:13425): avc: denied { read } for pid=3495 comm="qemu-kvm" name="+usb:2-7:1.0" dev="tmpfs" ino=10738 scontext=system_u:system_r:svirt_t:s0:c8,c230 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1590560830.813:13425): arch=x86_64 syscall=open success=no exit=EACCES a0=7ffd673b42a0 a1=80000 a2=1b6 a3=0 items=0 ppid=1 pid=3495 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm exe=/usr/libexec/qemu-kvm subj=system_u:system_r:svirt_t:s0:c8,c230 key=(null)

Hash: qemu-kvm,svirt_t,udev_var_run_t,file,read

Version-Release number of selected component:
selinux-policy-3.13.1-266.el7.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-1127.8.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hashb8d3a885d5f2f826d97b95ee355d2360e2f2e4bb862fca647df5023c2e01b7fd
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-05-27 06:45 mmarcinb2020 New Issue