On Thu, 2009-11-19 at 18:03 -0500, Michael Schenck wrote:
> I'm running CentOS 5.4 and am trying to allow qemu to use LVM LV's for
> storage. I created this file from audit2allow:
>
> module kvm 1.0;
>
> require {
>         type qemu_t;
>         type fixed_disk_device_t;
>         class blk_file read;
>         class blk_file getattr;
> }
>
> allow qemu_t fixed_disk_device_t:blk_file { read getattr };
>
> I use this script to load it:
> #!/bin/sh
>
> # Puppet Template
> # Serial: 2008120401
>
> SE_LOCAL=/etc/selinux/local
>
> /usr/bin/checkmodule -M -m -o ${SE_LOCAL}/kvm.mod ${SE_LOCAL}/kvm.te
> /usr/bin/semodule_package -o ${SE_LOCAL}/kvm.pp -m ${SE_LOCAL}/kvm.mod
> /usr/sbin/semodule -i ${SE_LOCAL}/kvm.pp
>
> /bin/rm ${SE_LOCAL}/kvm.mod ${SE_LOCAL}/kvm.pp
>
> When I try to load it, it fails with the following error:
> [root@HostKVM2:/etc/selinux/local]# ./kvm-setup.sh
> /usr/bin/checkmodule: loading policy configuration from
> /etc/selinux/local/kvm.te
> /usr/bin/checkmodule: policy configuration loaded
> /usr/bin/checkmodule: writing binary representation (version 6) to
> /etc/selinux/local/kvm.mod
> libsepol.check_assertion_helper: assertion on line 0 violated by allow
> qemu_t fixed_disk_device_t:blk_file { read };
> libsepol.check_assertions: 1 assertion violations occured
> libsemanage.semanage_expand_sandbox: Expand module failed
> /usr/sbin/semodule: Failed!
>
>
> Can someone tell me what I'm doing wrong?

Why not just label the block device properly like everyone else?

chcon -t virt_image_t /pathto/blk_file

> Best regards,
> Michael Schenck
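
Added example, not part of the original message: a POSIX shell triage helper that pulls the rejected rule out of the libsepol "assertion" lines quoted above (each one is a neverallow rule in the loaded policy refusing the module's allow rule) and prints the relabel command from the reply. The function names and the sample log (the post's output, unwrapped onto single lines) are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage semodule output for neverallow ("assertion") violations.

# Constructed sample: the libsepol lines from the post, unwrapped to one line each.
SAMPLE_LOG='/usr/bin/checkmodule: policy configuration loaded
libsepol.check_assertion_helper: assertion on line 0 violated by allow qemu_t fixed_disk_device_t:blk_file { read };
libsepol.check_assertions: 1 assertion violations occured
libsemanage.semanage_expand_sandbox: Expand module failed
/usr/sbin/semodule: Failed!'

# Read tool output on stdin; print "source target class perms" per violated assertion.
neverallow_violations() {
    sed -n 's/^libsepol\.check_assertion_helper: assertion on line [0-9][0-9]* violated by allow \([^ ]*\) \([^ :]*\):\([^ ]*\) { \([^}]*\) };.*$/\1 \2 \3 \4/p'
}

# Explain each violation and print the relabel command suggested in the reply.
# $1 = device path (placeholder default), $2 = type to apply (virt_image_t per the reply).
# Returns 1 when the input contains no assertion violation.
triage() {
    dev="${1:-/pathto/blk_file}"
    setype="${2:-virt_image_t}"
    hits=$(neverallow_violations)
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits" | while read -r src tgt cls perms; do
        echo "rejected by neverallow: allow ${src} ${tgt}:${cls} { ${perms} };"
        echo "  adding the rule in a local module will keep failing; relabel instead:"
        echo "  chcon -t ${setype} ${dev}"
    done
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | triage
```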