Re: Monitoring disk storage labeled with svirt_image_t

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2013-11-15 at 15:02 +0100, Gabriele Pohl wrote:
> Hi,
> 
> I use Munin plugin diskwatch to monitor a KVM-Host
> and am getting AVC denials at access to logical volumes
> labeled with type "svirt_image_t"
> 

>snip<

> Should I really change the label or will that make problems for qemu?
> Is it ok to grant access privileges to munin_disk_plugin_t ?
> 

No, you should not change the label as setroubleshoot suggested.

> @drjohnson1: Will you then please add the following rules to SELinux  
> policy of munin-node:
> 
> --------------------------------
> module diskwatch-pol 1.0;
> 
> require {
> 	type svirt_image_t;
> 	type munin_disk_plugin_t;
> 	class blk_file getattr;
> }
> 
> #============= munin_disk_plugin_t ==============
> allow munin_disk_plugin_t svirt_image_t:blk_file getattr;
> --------------------------------
> 

In theory you should add a rule like the above yes, but it is probably
not enough



> Thanks for your advice and kind regards,
> 
> Gabriele
> 
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux


--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux