time->Mon Mar 22 17:31:49 2010
type=SYSCALL msg=audit(1269293509.223:4753): arch=c000003e syscall=1
success=no exit=-13 a0=11 a1=1d2a9c8 a2=10 a3=fffffff2 items=0 ppid=1
pid=28549 auid=0 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107
sgid=107 fsgid=107 tty=(none) ses=7 comm="qemu-kvm"
exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c1 key=(null)
type=AVC msg=audit(1269293509.223:4753): avc: denied { write } for
pid=28549 comm="qemu-kvm" path="socket:[4417531]" dev=sockfs ino=4417531
scontext=system_u:system_r:svirt_t:s0:c1
tcontext=system_u:system_r:svirt_t:s0-s15:c0.c1023 tclass=unix_stream_socket
I have Static Virtualization working on an MLS box except for this
strange AVC.
This looks like the kernel is confused? I believe that all svirt
processes are running as s0:c1, and yet this AVC indicates svirt_t:s0:c1
is trying to write to a unix_stream_socket running as
svirt_t:s0-s15:c0.c1023.
# ps -eZ | grep virt
system_u:system_r:virtd_t:s0-s15:c0.c1023 27344 ? 05:34:47 libvirtd
system_u:system_r:svirt_t:s0:c1 28549 ? 00:00:01 qemu-kvm
Could the kernel be getting confused into thinking libvirtd is svirt_t?
# ls -lZ /proc/28549/fd/ | grep 4417531
lrwx------. qemu qemu system_u:system_r:svirt_t:s0:c1 17 ->
socket:[4417531]
# lsof | grep 4417531
qemu-kvm 28549 qemu 17u unix 0xffff88003e1f7900 0t0
4417531 /var/lib/libvirt/qemu/xguest.monitor
# lsof /var/lib/libvirt/qemu/xguest.monitor
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
qemu-kvm 28549 qemu 3u unix 0xffff88003a853000 0t0 4417518
/var/lib/libvirt/qemu/xguest.monitor
qemu-kvm 28549 qemu 17u unix 0xffff88003e1f7900 0t0 4417531
/var/lib/libvirt/qemu/xguest.monitor
So it looks like we have a process that is running as both labels?
--
This message was distributed to subscribers of the selinux mailing list.
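As an added example (not code from the post, libvirt or the SELinux project): a small Python parser for audit records like the two quoted above. It groups SYSCALL and AVC records by their shared event serial, splits each context into user:role:type:range, and flags the relationship the poster noticed, namely the same type on both sides but different MLS ranges. The sample log is constructed from the records in the post, and the field names in the findings (`range_mismatch`, `subj_matches_scontext`) are my own.

```python
import re

# Constructed sample: the two audit records quoted in the post, one record per line.
AUDIT_LOG = """\
type=SYSCALL msg=audit(1269293509.223:4753): arch=c000003e syscall=1 success=no exit=-13 pid=28549 uid=107 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c1 key=(null)
type=AVC msg=audit(1269293509.223:4753): avc: denied { write } for pid=28549 comm="qemu-kvm" path="socket:[4417531]" dev=sockfs ino=4417531 scontext=system_u:system_r:svirt_t:s0:c1 tcontext=system_u:system_r:svirt_t:s0-s15:c0.c1023 tclass=unix_stream_socket
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')     # key=value or key="quoted value"
EVENT_RE = re.compile(r'msg=audit\(([^)]+)\)')  # serial shared by all records of one event
PERM_RE = re.compile(r'\{ ([^}]*) \}')          # "{ write }" -> the denied permissions

def parse_record(line):
    """One audit record -> dict of fields (quotes stripped), plus event serial and perms."""
    rec = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    rec['event'] = EVENT_RE.search(line).group(1)
    perms = PERM_RE.search(line)
    rec['perms'] = perms.group(1).split() if perms else []
    return rec

def split_context(ctx):
    """user:role:type:range; the MLS range is everything after the third colon."""
    user, role, typ, rng = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': typ, 'range': rng}

def parse_range(rng):
    """'s0-s15:c0.c1023' -> ('s0', 's15:c0.c1023'); a single level is its own high."""
    low, _, high = rng.partition('-')
    return low, high or low

def analyze(log_text):
    """Group records by event serial; describe each AVC denial and how its labels relate."""
    events = {}
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_record(line)
        events.setdefault(rec['event'], []).append(rec)
    findings = []
    for event, recs in events.items():
        syscall = next((r for r in recs if r['type'] == 'SYSCALL'), None)
        for avc in (r for r in recs if r['type'] == 'AVC'):
            src, tgt = split_context(avc['scontext']), split_context(avc['tcontext'])
            findings.append({
                'event': event, 'pid': avc.get('pid'), 'comm': avc.get('comm'),
                'perms': avc['perms'], 'tclass': avc.get('tclass'),
                'same_type': src['type'] == tgt['type'],
                # the post's case: same type, subject at s0:c1, socket at s0-s15:c0.c1023
                'range_mismatch': parse_range(src['range']) != parse_range(tgt['range']),
                'subj_matches_scontext': bool(syscall) and syscall.get('subj') == avc['scontext'],
            })
    return findings

if __name__ == '__main__':
    for finding in analyze(AUDIT_LOG):
        print(finding)
```

Running it on the constructed log yields one finding with `same_type` and `range_mismatch` both true, which is exactly the combination worth checking before suspecting the kernel: the process and its socket carry the same type but were labelled with different ranges.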