Sharing directory with Vagrant box as guest VM


 



Hi,

I want to set up a Vagrant box
(https://www.mediawiki.org/wiki/MediaWiki-Vagrant) under
Fedora 23 with vagrant-libvirt.  Usually, this means cloning
the Git repository to somewhere in my home directory and
running "vagrant up".  This produces the VM configuration
("virsh dumpxml"):

| […]
|     <filesystem type='mount' accessmode='passthrough'>
|       <driver type='path' wrpolicy='immediate'/>
|       <source dir='/home/tim/src/mediawiki-vagrant/libvirt-test'/>
|       <target dir='vagrant-root'/>
|       <alias name='fs0'/>
|       <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
|     </filesystem>
|     <filesystem type='mount' accessmode='passthrough'>
|       <driver type='path' wrpolicy='immediate'/>
|       <source dir='/home/tim/src/mediawiki-vagrant/libvirt-test/logs'/>
|       <target dir='vagrant-logs'/>
|       <alias name='fs1'/>
|       <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
|     </filesystem>
| […]

If the guest VM tries to read that with 9p, audit.log shows:

| type=AVC msg=audit(1447019352.577:960): avc:  denied  { read } for  pid=16166 comm="pool" name="libvirt-test" dev="dm-4" ino=11956343 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
| type=AVC msg=audit(1447019352.588:961): avc:  denied  { read } for  pid=16166 comm="pool" name="logs" dev="dm-4" ino=11956472 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
| type=AVC msg=audit(1447019352.651:962): avc:  denied  { read } for  pid=16166 comm="pool" name="libvirt-test" dev="dm-4" ino=11956343 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
| type=AVC msg=audit(1447019352.657:963): avc:  denied  { read } for  pid=16166 comm="pool" name="logs" dev="dm-4" ino=11956472 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0

(If reading succeeded, it would likely fail a short time
later on writing.)

Is there an existing solution for sharing a directory with a
guest VM, e.g. perhaps a file context for such directories?

Tim

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
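
A small triage script for the denials quoted in the message above, added here as an example and not part of the original post: it parses the AVC records and groups them by source domain, target type, object class, permission and object name, so the repeated lines collapse into the distinct denials. The function names are hypothetical; the sample lines are the four records from the message.

```python
import re
from collections import Counter

# The four AVC records quoted in the message, embedded so the script runs offline.
SAMPLE = '''\
type=AVC msg=audit(1447019352.577:960): avc:  denied  { read } for  pid=16166 comm="pool" name="libvirt-test" dev="dm-4" ino=11956343 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1447019352.588:961): avc:  denied  { read } for  pid=16166 comm="pool" name="logs" dev="dm-4" ino=11956472 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1447019352.651:962): avc:  denied  { read } for  pid=16166 comm="pool" name="libvirt-test" dev="dm-4" ino=11956343 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1447019352.657:963): avc:  denied  { read } for  pid=16166 comm="pool" name="logs" dev="dm-4" ino=11956472 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
'''

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:sensitivity[:categories]] into its parts."""
    user, role, type_, level = (ctx.split(":", 3) + ["", "", ""])[:4]
    sensitivity, _, categories = level.partition(":")
    return {"user": user, "role": role, "type": type_,
            "sensitivity": sensitivity, "categories": categories}

def parse_avc(line):
    """Return a dict for one type=AVC record, or None for any other line."""
    m = AVC_RE.search(line)
    if not line.startswith("type=AVC") or m is None:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m["fields"])}
    return {"result": m["result"], "perms": tuple(m["perms"].split()),
            "name": kv.get("name"), "tclass": kv.get("tclass"),
            "permissive": kv.get("permissive") == "1",
            "source": split_context(kv.get("scontext", "")),
            "target": split_context(kv.get("tcontext", ""))}

def summarize(text):
    """Count denials per (source type, target type, class, perms, name)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            counts[(rec["source"]["type"], rec["target"]["type"],
                    rec["tclass"], rec["perms"], rec["name"])] += 1
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, perms, name), n in summarize(SAMPLE).items():
        print(f"{n}x {src} -> {tgt}:{cls} {{{' '.join(perms)}}} name={name}")
```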



