Xen and SELinux Issue

Paul Whitney

2008-04-29

Forgive me if this question belongs in a different forum, but I am not sure
how to even begin to resolve this.

I am running RHEL AS 5.1. I noticed when building a Vista image, SELinux
blocked a Xen process. I had to eventually put SELinux into permissive mode
to get Xen working. Here is the error that was generated. Is there a fix for
this or do I need to create a new rule for SELinux?

Summary
  SELinux is preventing /sbin/losetup (fsadm_t) "append" to
  /var/run/xen-hotplug/block (udev_var_run_t).

Detailed Description
  SELinux denied access requested by /sbin/losetup. It is not expected that
  this access is required by /sbin/losetup and this access may signal an
  intrusion attempt. It is also possible that the specific version or
  configuration of the application is causing it to require additional access.

Allowing Access
  Sometimes labeling problems can cause SELinux denials. You could try to
  restore the default system file context for /var/run/xen-hotplug/block,
  restorecon -v /var/run/xen-hotplug/block If this does not work, there is
  currently no automatic way to allow this access. Instead, you can generate
  a local policy module to allow this access - see
  http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
  SELinux protection altogether. Disabling SELinux protection is not
  recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
  against this package.

Additional Information

Source Context           system_u:system_r:fsadm_t:SystemLow-SystemHigh
Target Context           system_u:object_r:udev_var_run_t
Target Objects           /var/run/xen-hotplug/block [ file ]
Affected RPM Packages    util-linux-2.13-0.45.el5 [application]
Policy RPM               selinux-policy-2.4.6-104.el5
Selinux Enabled          True
Policy Type              targeted
MLS Enabled              True
Enforcing Mode           Permissive
Plugin Name              plugins.catchall_file
Host Name                localhost.localdomain
Platform                 Linux localhost.localdomain 2.6.18-53.el5xen #1
                         SMP Wed Oct 10 16:48:44 EDT 2007 x86_64 x86_64
Alert Count              21
Line Numbers

Raw Audit Messages

avc: denied { append } for comm="losetup" dev=dm-0 egid=0 euid=0
exe="/sbin/losetup" exit=0 fsgid=0 fsuid=0 gid=0 items=0
path="/var/run/xen-hotplug/block" pid=5041
scontext=system_u:system_r:fsadm_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:fsadm_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=system_u:object_r:udev_var_run_t:s0 tty=(none) uid=0



thank you,



Paul Whitney

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@(protected)
https://www.redhat.com/mailman/listinfo/redhat-list
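
The report quoted in the post points to a local policy module as the alternative to permissive mode. As an added example (not part of the original post and not output of any SELinux tool), this Python script parses the raw AVC message and emits type-enforcement source that allows only the denied access; the module name `localxenblock` and the one-line `SAMPLE_AVC` are constructed here.

```python
import re

# Constructed sample: the raw audit message from the post, re-joined onto one line.
SAMPLE_AVC = (
    'avc: denied { append } for comm="losetup" dev=dm-0 egid=0 euid=0 '
    'exe="/sbin/losetup" exit=0 fsgid=0 fsuid=0 gid=0 items=0 '
    'path="/var/run/xen-hotplug/block" pid=5041 '
    'scontext=system_u:system_r:fsadm_t:s0-s0:c0.c1023 sgid=0 '
    'subj=system_u:system_r:fsadm_t:s0-s0:c0.c1023 suid=0 tclass=file '
    'tcontext=system_u:object_r:udev_var_run_t:s0 tty=(none) uid=0'
)
DENIED_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return (source_type, target_type, tclass, perms), or None if not a denial."""
    denied = DENIED_RE.search(line)
    if not denied or not denied.group(1).split():
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    try:
        # A context is user:role:type[:mls-range]; the type is the third field.
        source = fields["scontext"].split(":")[2]
        target = fields["tcontext"].split(":")[2]
        return source, target, fields["tclass"], frozenset(denied.group(1).split())
    except (KeyError, IndexError):
        return None  # truncated or malformed record


def braces(items):
    """Render one permission bare, several as a braced set."""
    items = sorted(items)
    return items[0] if len(items) == 1 else "{ " + " ".join(items) + " }"


def te_module(lines, name="localxenblock"):  # module name is hypothetical
    """Type-enforcement source allowing exactly the denials found in lines."""
    rules, classes, types = {}, {}, set()
    for src, tgt, cls, perms in filter(None, map(parse_avc, lines)):
        rules.setdefault((src, tgt, cls), set()).update(perms)
        classes.setdefault(cls, set()).update(perms)
        types.update((src, tgt))
    out = [f"module {name} 1.0;", "", "require {"]
    out += [f"    type {t};" for t in sorted(types)]
    out += [f"    class {c} {braces(p)};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    out += [f"allow {s} {t}:{c} {braces(p)};" for (s, t, c), p in sorted(rules.items())]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(te_module([SAMPLE_AVC]))
```

The printed source can be saved as `localxenblock.te` and built and loaded with `checkmodule -M -m -o localxenblock.mod localxenblock.te`, `semodule_package -o localxenblock.pp -m localxenblock.mod` and `semodule -i localxenblock.pp`. Read the rule before loading it: it grants `fsadm_t` append on every file labelled `udev_var_run_t`, not only `/var/run/xen-hotplug/block`.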