latest selinux break Xen?

Harry Hoffman hhoffman at ip-solutions.net
Wed Feb 22 20:30:21 UTC 2006


Hi,

Just updated and Xen seems to have been broken by the latest selinux
patches?

setenforce 0 allows Xen to operate.

Thanks,
Harry


From dmesg:
audit(1019131266.041:374): avc:  denied  { write } for  pid=2613
comm="ip" name="xend-debug.log" dev=dm-5 ino=491541
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=file
audit(1019131266.053:375): avc:  denied  { write } for  pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.053:376): avc:  denied  { write } for  pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.053:377): avc:  denied  { write } for  pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.065:378): avc:  denied  { append } for  pid=2613
comm="ip" name="xend.log" dev=dm-5 ino=491540
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=file
audit(1019131266.065:379): avc:  denied  { write } for  pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.065:380): avc:  denied  { write } for  pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.073:381): avc:  denied  { write } for  pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.073:382): avc:  denied  { write } for  pid=2613
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.073:383): avc:  denied  { read write } for  pid=2613
comm="ip" name="[7503]" dev=sockfs ino=7503
scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0
tclass=unix_stream_socket
audit(1019131266.161:384): avc:  denied  { write } for  pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.169:385): avc:  denied  { write } for  pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.169:386): avc:  denied  { write } for  pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.169:387): avc:  denied  { append } for  pid=2615
comm="ip" name="xend.log" dev=dm-5 ino=491540
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=file
audit(1019131266.169:388): avc:  denied  { write } for  pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.181:389): avc:  denied  { write } for  pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.181:390): avc:  denied  { write } for  pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.181:391): avc:  denied  { write } for  pid=2615
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.189:392): avc:  denied  { read write } for  pid=2615
comm="ip" name="[7503]" dev=sockfs ino=7503
scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0
tclass=unix_stream_socket
audit(1019131266.197:393): avc:  denied  { write } for  pid=2616
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.209:394): avc:  denied  { write } for  pid=2616
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.209:395): avc:  denied  { write } for  pid=2616
comm="ip" name="privcmd" dev=proc ino=-268434128
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
audit(1019131266.209:396): avc:  denied  { append } for  pid=2616
comm="ip" name="xend.log" dev=dm-5 ino=491540
scontext=root:system_r:ifconfig_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=file

From /var/log/messages:
Apr 18 08:01:52 n1-22-30 kernel: audit(1019131312.164:403): avc:  denied
 { append } for  pid=2709 comm="ifconfig" name="xen-hotplug.log"
dev=dm-5 ino=491545 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c255
tcontext=system_u:object_r:var_log_t:s0 tclass=file


-- 
Harry Hoffman
Integrated Portable Solutions, LLC
877.846.5927 ext 1000
http://www.ip-solutions.net/
