latest selinux break Xen?
Harry Hoffman
hhoffman at ip-solutions.net
Wed Feb 22 20:30:21 UTC 2006
Hi,
Just updated and Xen seems to have been broken by the latest selinux
patches?
setenforce 0 allows Xen to operate.
Thanks,
Harry
From dmesg:
audit(1019131266.041:374): avc: denied { write } for pid=2613
comm="ip" name="xend-debug.log" dev=dm-5 ino=491541
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=file
audit(1019131266.053:375): avc: denied { write } for pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.053:376): avc: denied { write } for pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.053:377): avc: denied { write } for pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.065:378): avc: denied { append } for pid=2613
comm="ip" name="xend.log" dev=dm-5 ino=491540
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=file
audit(1019131266.065:379): avc: denied { write } for pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.065:380): avc: denied { write } for pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.073:381): avc: denied { write } for pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.073:382): avc: denied { write } for pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.073:383): avc: denied { read write } for pid=2613
comm="ip" name="[7503]" dev=sockfs ino=7503
scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0
tclass=unix_stream_socket
audit(1019131266.161:384): avc: denied { write } for pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.169:385): avc: denied { write } for pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.169:386): avc: denied { write } for pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.169:387): avc: denied { append } for pid=2615
comm="ip" name="xend.log" dev=dm-5 ino=491540
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=file
audit(1019131266.169:388): avc: denied { write } for pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.181:389): avc: denied { write } for pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.181:390): avc: denied { write } for pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.181:391): avc: denied { write } for pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.189:392): avc: denied { read write } for pid=2615
comm="ip" name="[7503]" dev=sockfs ino=7503
scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0
tclass=unix_stream_socket
audit(1019131266.197:393): avc: denied { write } for pid=2616
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.209:394): avc: denied { write } for pid=2616
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.209:395): avc: denied { write } for pid=2616
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.209:396): avc: denied { append } for pid=2616
comm="ip" name="xend.log" dev=dm-5 ino=491540
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=file
From /var/log/messages:
Apr 18 08:01:52 n1-22-30 kernel: audit(1019131312.164:403): avc: denied
{ append } for pid=2709 comm="ifconfig" name="xen-hotplug.log"
dev=dm-5 ino=491545 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c255
tcontext=system_u:object_r:var_log_t:s0 tclass=file
--
Harry Hoffman
Integrated Portable Solutions, LLC
877.846.5927 ext 1000
http://www.ip-solutions.net/
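
Added example, not part of the original message: a small parser that collapses AVC denial records like the ones quoted above into unique (source type, target type, class) tuples, which is the first triage step before deciding on a policy fix. The names `summarize` and `SAMPLE` are illustrative; the sample is constructed from five records copied out of the post, kept wrapped across lines as a mail client leaves them.

```python
import re
from collections import defaultdict

# Constructed sample: five records copied from the dmesg and
# /var/log/messages excerpts in the post, still wrapped across lines.
SAMPLE = """\
audit(1019131266.041:374): avc: denied { write } for pid=2613 comm="ip" name="xend-debug.log" dev=dm-5 ino=491541
scontext=root:system_r:ifconfig_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
audit(1019131266.053:375): avc: denied { write } for pid=2613 comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.065:378): avc: denied { append } for pid=2613 comm="ip" name="xend.log" dev=dm-5 ino=491540
scontext=root:system_r:ifconfig_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
audit(1019131266.073:383): avc: denied { read write } for pid=2613 comm="ip" name="[7503]" dev=sockfs ino=7503
scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Apr 18 08:01:52 n1-22-30 kernel: audit(1019131312.164:403): avc: denied
{ append } for pid=2709 comm="ifconfig" name="xen-hotplug.log" dev=dm-5 ino=491545
scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c255 tcontext=system_u:object_r:var_log_t:s0 tclass=file
"""

# One record runs from "avc: denied" up to the next "audit(" or end of input,
# so records broken over several lines are still read as a unit.
RECORD_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?)(?=audit\(|\Z)", re.S)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def summarize(text):
    """Group denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"perms": set(), "names": set(), "count": 0})
    for perms, rest in RECORD_RE.findall(text):
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
        if not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # truncated record: skip rather than guess
        # A context is user:role:type:level; the type is the third field.
        key = (fields["scontext"].split(":")[2],
               fields["tcontext"].split(":")[2],
               fields["tclass"])
        groups[key]["perms"].update(perms.split())
        groups[key]["names"].add(fields.get("name", "?"))
        groups[key]["count"] += 1
    return dict(groups)


if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(SAMPLE).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(g['perms']))} }} "
              f"x{g['count']} names={sorted(g['names'])}")
```

Every denial quoted in the message falls into one of the three tuples this reports: ifconfig_t against var_log_t files, proc_t files, and an initrc_t unix_stream_socket.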