-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/03/2013 08:11 AM, bigclouds wrote: > hi,all why qemu can access mnt_t type dirs. following is my ls command, > qemu use a file which has MCS, but its parent dirs is not virt_image_t > type. under what condition this will happen? i do nothing about selinux > policy. thanks > > [root@www data-center]# ls -lZ > /rhev/data-center/25c47fdd-47a3-4eac-933a-70ea6d44f615/5dad0fa9-a924-48e5-b248-9b58bd9ac986/images/149ec5e4-45e0-4353-bfa6-58ba9ed9c888/486a26e1-79f7-4df2-9469-c48613741c7e > > - -rw-rw----. qemu kvm system_u:object_r:svirt_image_t:s0:c517,c988 > /rhev/data-center/25c47fdd-47a3-4eac-933a-70ea6d44f615/5dad0fa9-a924-48e5-b248-9b58bd9ac986/images/149ec5e4-45e0-4353-bfa6-58ba9ed9c888/486a26e1-79f7-4df2-9469-c48613741c7e > > [root@www data-center]# ls -lZ /rhev/data-center > drwxr-xr-x.qemu kvm unconfined_u:object_r:mnt_t:s0 25c47 > fdd-47a3-4eac-933a-70ea6d44f615 drwxr-xr-x. qemu kvm > system_u:object_r:mnt_t:s0 mnt [root@www data-center]# ls -lZ > /rhev/data-center/25c47fdd-47a3-4eac-933a-70ea6d44f615/ lrwxrwxrwx. qemu > kvm unconfined_u:object_r:mnt_t:s0 5dad0fa9-a924-48e5-b248-9b58bd9ac986 -> > /rhev/data-center/mnt/_home_kvm_vms/5dad0fa9-a924-48e5-b248-9b58bd9ac986 > [root@www data-center]# ls -lZ > /rhev/data-center/25c47fdd-47a3-4eac-933a-70ea6d44f615/5dad0fa9-a924-48e5-b248-9b58bd9ac986/ > > drwxr-xr-x. qemu kvm system_u:object_r:user_home_t:s0 images > > > > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > Are you seeing AVC messages? Looks like you might need to run restorecon on /rhev restorecon -R - v/rhev -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGH+k0ACgkQrlYvE4MpobOvLACbBFLRxXDmTVbldsFICONwaRBs rBgAn1TXkCcP78rclGQH+Yj6NGi4u5/G =RfDr -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
