xen avcs....

Tom London selinux at gmail.com
Tue Sep 5 16:40:59 UTC 2006


Running latest rawhide, targeted/enforcing.

See the following when running xen enabled kernel, xenguest-install, ...

type=AVC msg=audit(1157437064.863:54): avc:  denied  { search } for
pid=3123 comm="python" name="root" dev=dm-0 ino=2883585
scontext=system_u:system_r:xend_t:s0
tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1157437064.863:54): arch=40000003 syscall=33
success=no exit=-13 a0=8ed9a00 a1=4 a2=474c48e4 a3=b711fa4c items=0
ppid=2789 pid=3123 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python"
subj=system_u:system_r:xend_t:s0 key=(null)
type=ANOM_PROMISCUOUS msg=audit(1157437099.990:55): dev=vif7.0
prom=256 old_prom=0 auid=4294967295
type=SYSCALL msg=audit(1157437099.990:55): arch=40000003 syscall=54
success=yes exit=0 a0=3 a1=89a2 a2=bf9ab5e0 a3=1 items=0 ppid=5236
pid=5319 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="brctl" exe="/usr/sbin/brctl"
subj=system_u:system_r:udev_t:s0-s0:c0.c255 key=(null)
type=AVC msg=audit(1157437100.910:56): avc:  denied  { name_bind } for
 pid=5238 comm="xen-vncfb" src=5900
scontext=system_u:system_r:xend_t:s0
tcontext=system_u:object_r:vnc_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1157437100.910:56): arch=40000003 syscall=102
success=no exit=-13 a0=2 a1=bfdc5d00 a2=5 a3=bfdc5d2c items=0
ppid=2792 pid=5238 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="xen-vncfb"
exe="/usr/lib/xen/bin/xen-vncfb" subj=system_u:system_r:xend_t:s0
key=(null)

Is Xen an interesting case here, or should I defer reporting such....


tom
-- 
Tom London




More information about the fedora-selinux-list mailing list