[fedora-virt] AVC denials on F-11

Jerry James loganjerry at gmail.com
Tue Aug 11 15:30:17 UTC 2009 

I just did a yum upgrade this morning, and got glibc-2.10.1-4.x86_64,
where the top ChangeLog entry says:

* Tue Aug 04 2009 Andreas Schwab <schwab at redhat.com> - 2.10.1-4
- Reenable setuid on pt_chown.

Now trying to start a virtual machine with virt-manager yields this AVC denial:

node=localhost.localdomain type=AVC msg=audit(1250004330.149:46142):
avc: denied { setrlimit } for pid=18539 comm="qemu-kvm"
scontext=system_u:system_r:svirt_t:s0:c141,c175
tcontext=system_u:system_r:svirt_t:s0:c141,c175 tclass=process
node=localhost.localdomain type=SYSCALL
msg=audit(1250004330.149:46142): arch=c000003e syscall=160 success=no
exit=-13 a0=4 a1=7fff65c9ef50 a2=0 a3=7fac28fde220 items=0 ppid=18535
pid=18539 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="qemu-kvm"
exe="/usr/bin/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c141,c175
key=(null)

... and two instances of this AVC denial:

node=localhost.localdomain type=AVC msg=audit(1250004330.150:46143):
avc: denied { setattr } for pid=18539 comm="pt_chown" name="6"
dev=devpts ino=9 scontext=system_u:system_r:svirt_t:s0:c141,c175
tcontext=system_u:object_r:devpts_t:s0:c141,c175 tclass=chr_file
node=localhost.localdomain type=SYSCALL
msg=audit(1250004330.150:46143): arch=c000003e syscall=92 success=no
exit=-13 a0=7fc194e8f1d0 a1=0 a2=5 a3=7fff01c34de0 items=0 ppid=18535
pid=18539 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pt_chown"
exe="/usr/libexec/pt_chown"
subj=system_u:system_r:svirt_t:s0:c141,c175 key=(null)

... and a dialog box from virt-manager that says:

"Error starting domain: internal error unable to start guest: qemu:
could not open monitor device 'pty'"

with this traceback:

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/engine.py", line 493, in run_domain
    vm.startup()
  File "/usr/share/virt-manager/virtManager/domain.py", line 573, in startup
    self.vm.create()
  File "/usr/lib64/python2.6/site-packages/libvirt.py", line 287, in create
    if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error unable to start guest: qemu: could not
open monitor device 'pty'

Whose bug is this?  Also, is there anything to be done about this
besides rolling glibc back to its previous version?
-- 
Jerry James
http://www.jamezone.org/

More information about the Fedora-virt mailing list