On 12/24/19 5:10 AM, Jason Zaman wrote:
type=AVC msg=audit(1563034372.505:40675): avc: denied { read write } for pid=64033 comm="libvirtd" name="control" dev="devtmpfs" ino=1273 scontext=system_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file permissive=0
type=SYSCALL msg=audit(1563034372.505:40675): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ff9a09cd180 a2=2 a3=0 items=1 ppid=1 pid=64033 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="libvirtd" exe="/usr/sbin/libvirtd" subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 key=(null)
type=CWD msg=audit(1563034372.505:40675): cwd="/"
type=PATH msg=audit(1563034372.505:40675): item=0 name="/dev/mapper/control" inode=1273 dev=00:06 mode=020600 ouid=0 ogid=0 rdev=0a:ec obj=system_u:object_r:lvm_control_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
Signed-off-by: Jason Zaman <jason@xxxxxxxxxxxxx>
---
policy/modules/services/virt.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
index d4c5d05a..fb985f12 100644
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -622,6 +622,7 @@ dev_rw_sysfs(virtd_t)
dev_read_urand(virtd_t)
dev_read_rand(virtd_t)
dev_rw_kvm(virtd_t)
+dev_rw_lvm_control(virtd_t)
dev_getattr_all_chr_files(virtd_t)
dev_rw_mtrr(virtd_t)
dev_rw_vhost(virtd_t)
Merged.
--
Chris PeBenito
