search for: virt_content_t

...ort 1(vnet0) entering disabled state Feb 24 17:25:28 desk kernel: device vnet0 left promiscuous mode Feb 24 17:25:28 desk kernel: virbr0: port 1(vnet0) entering disabled state Feb 24 17:25:28 desk setroubleshoot: SELinux is preventing pam_console_app (pam_console_t) "getattr" to /dev/hda (virt_content_t). For complete SELinux messages. run sealert -l 9ee6c9a9-3eda-4082-84d3-5741ea9ff688 SELinux alert summary SELinux is preventing pam_console_app (pam_console_t) "getattr" to /dev/hda (virt_content_t). Detailed Description: SELinux denied access requested by pam_console_app. It is not...

...label type="static" model="dac" relabel="no"> <label>0:0</label> </seclabel> This patch makes that change. I notice that after this change, qemu is indeed running as root. However the file being examined still gets relabelled by SELinux (to virt_content_t IIRC). Maybe this relabelling is in fact desirable. Also as you can see from the patch there are cases where we use another <seclabel model='selinux'/> element to set labels to a known value. It's not clear if we can include both <seclabel/> elements. The patch as shown o...

...lib/libvirt/images drwxr-xr-x. root root system_u:object_r:virt_image_t:s0 /home/aik/virtimg drwxr-xr-x. root root system_u:object_r:virt_image_t:s0 /var/lib/libvirt/images [root at vpl2 ~]# ls -lZ /home/aik/virtimg /var/lib/libvirt/images /home/aik/virtimg: -rwxrwxrwx. root root system_u:object_r:virt_content_t:s0 Fedora-18-ppc64-DVD.iso /var/lib/libvirt/images: -rwxrwxrwx. root root system_u:object_r:virt_image_t:s0 fc18guest However "virsh -c qemu:///system create libvirtguest-aik.xml" failes with "avc: denied { dac_override }" and "avc: denied { dac_read_search }"....

..._u:object_r:user_tmp_t:s0 qemu.stat libguestfs: libguestfs: /var/tmp/.guestfs-1001/appliance.d: libguestfs: drwxr-xr-x. stack stack unconfined_u:object_r:user_tmp_t:s0 . libguestfs: drwxr-xr-x. stack stack unconfined_u:object_r:user_tmp_t:s0 .. libguestfs: -rw-r--r--. stack stack system_u:object_r:virt_content_t:s0 initrd libguestfs: -rwxr-xr-x. stack stack system_u:object_r:virt_content_t:s0 kernel libguestfs: -rw-r--r--. stack stack system_u:object_r:virt_content_t:s0 root libguestfs: command: run: ls libguestfs: command: run: \ -a libguestfs: command: run: \ -l libguestfs: command: run: \ -Z /tmp/libgue...

On Sat, Jun 03, 2017 at 05:20:47PM -0400, Michael C Cambria wrote: >I also tried stopping libvirtd, renaming both qemu-system-i386 and >qemu-system-x86_64, start libvirtd. Things get further along; dnsmasq >log messages show up. > >$ sudo systemctl status libvirtd.service >● libvirtd.service - Virtualization daemon > Loaded: loaded

...text 'system_u:system_r:svirt_t:s0', alt domain context 'system_u:system_r:svirt_tcg_t:s0' 2017-06-04 00:04:14.307+0000: 3379: debug : virSecuritySELinuxQEMUInitialize:537 : Loaded file context 'system_u:object_r:svirt_image_t:s0', content context 'system_u:object_r:virt_content_t:s0' 2017-06-04 00:04:14.307+0000: 3379: debug : virSecurityManagerNewDriver:86 : drv=0x7fa44d580cc0 (stack) virtDriver=QEMU flags=a 2017-06-04 00:04:14.307+0000: 3379: debug : virSecurityManagerNewDriver:86 : drv=0x7fa44d580de0 (dac) virtDriver=QEMU flags=a 2017-06-04 00:04:14.313+0000: 337...

...m_u:system_r:svirt_t:s0', alt domain context >'system_u:system_r:svirt_tcg_t:s0' >2017-06-04 00:04:14.307+0000: 3379: debug : >virSecuritySELinuxQEMUInitialize:537 : Loaded file context >'system_u:object_r:svirt_image_t:s0', content context >'system_u:object_r:virt_content_t:s0' >2017-06-04 00:04:14.307+0000: 3379: debug : >virSecurityManagerNewDriver:86 : drv=0x7fa44d580cc0 (stack) >virtDriver=QEMU flags=a >2017-06-04 00:04:14.307+0000: 3379: debug : >virSecurityManagerNewDriver:86 : drv=0x7fa44d580de0 (dac) >virtDriver=QEMU flags=a >2017-06-0...

...39;, alt domain context >> 'system_u:system_r:svirt_tcg_t:s0' >> 2017-06-04 00:04:14.307+0000: 3379: debug : >> virSecuritySELinuxQEMUInitialize:537 : Loaded file context >> 'system_u:object_r:svirt_image_t:s0', content context >> 'system_u:object_r:virt_content_t:s0' >> 2017-06-04 00:04:14.307+0000: 3379: debug : >> virSecurityManagerNewDriver:86 : drv=0x7fa44d580cc0 (stack) >> virtDriver=QEMU flags=a >> 2017-06-04 00:04:14.307+0000: 3379: debug : >> virSecurityManagerNewDriver:86 : drv=0x7fa44d580de0 (dac) >> virtDri...