xen avcs....

Daniel J Walsh dwalsh at redhat.com
Tue Sep 5 16:57:59 UTC 2006


Tom London wrote:
> Running latest rawhide, targeted/enforcing.
>
> See the following when running xen enabled kernel, xenguest-install, ...
>
> type=AVC msg=audit(1157437064.863:54): avc:  denied  { search } for
> pid=3123 comm="python" name="root" dev=dm-0 ino=2883585
> scontext=system_u:system_r:xend_t:s0
> tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
> type=SYSCALL msg=audit(1157437064.863:54): arch=40000003 syscall=33
> success=no exit=-13 a0=8ed9a00 a1=4 a2=474c48e4 a3=b711fa4c items=0
> ppid=2789 pid=3123 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python"
> subj=system_u:system_r:xend_t:s0 key=(null)
> type=ANOM_PROMISCUOUS msg=audit(1157437099.990:55): dev=vif7.0
> prom=256 old_prom=0 auid=4294967295
> type=SYSCALL msg=audit(1157437099.990:55): arch=40000003 syscall=54
> success=yes exit=0 a0=3 a1=89a2 a2=bf9ab5e0 a3=1 items=0 ppid=5236
> pid=5319 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) comm="brctl" exe="/usr/sbin/brctl"
> subj=system_u:system_r:udev_t:s0-s0:c0.c255 key=(null)
> type=AVC msg=audit(1157437100.910:56): avc:  denied  { name_bind } for
> pid=5238 comm="xen-vncfb" src=5900
> scontext=system_u:system_r:xend_t:s0
> tcontext=system_u:object_r:vnc_port_t:s0 tclass=tcp_socket
> type=SYSCALL msg=audit(1157437100.910:56): arch=40000003 syscall=102
> success=no exit=-13 a0=2 a1=bfdc5d00 a2=5 a3=bfdc5d2c items=0
> ppid=2792 pid=5238 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="xen-vncfb"
> exe="/usr/lib/xen/bin/xen-vncfb" subj=system_u:system_r:xend_t:s0
> key=(null)
>
> Xen an interesting case here, or should I defer reporting such....
>
>
No, we want all errors, thanks.
> tom
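
An added example, not part of the original thread: a small Python triage script that parses raw audit lines like those in the report and groups the AVC denials by source type, target type and object class. The function names are illustrative, and the sample input is the report's own records unwrapped to one line each.

```python
import re
from collections import defaultdict

# Records from the quoted report above, unwrapped to one line each.
SAMPLE = """\
type=AVC msg=audit(1157437064.863:54): avc:  denied  { search } for pid=3123 comm="python" name="root" dev=dm-0 ino=2883585 scontext=system_u:system_r:xend_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
type=ANOM_PROMISCUOUS msg=audit(1157437099.990:55): dev=vif7.0 prom=256 old_prom=0 auid=4294967295
type=AVC msg=audit(1157437100.910:56): avc:  denied  { name_bind } for pid=5238 comm="xen-vncfb" src=5900 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:vnc_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(r"type=AVC msg=audit\(([\d.]+):(\d+)\): "
                    r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(ctx):
    """Return the type field of user:role:type[:level]; the level may contain ':'."""
    return ctx.split(":", 3)[2]

def parse_avc(line):
    """Parse one audit line; return a dict for AVC records, None for anything else."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(5))}
    return {
        "serial": int(m.group(2)),
        "result": m.group(3),
        "perms": set(m.group(4).split()),
        "comm": fields.get("comm"),
        "source": context_type(fields["scontext"]),
        "target": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
    }

def summarize(text):
    """Group denials by (source type, target type, class), merging perms and commands."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            key = (rec["source"], rec["target"], rec["tclass"])
            groups[key]["perms"] |= rec["perms"]
            groups[key]["comms"].add(rec["comm"])
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(SAMPLE).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(g['perms']))} }} "
              f"comm={','.join(sorted(g['comms']))}")
```

The SYSCALL records that share a serial number with an AVC record are skipped here; joining them on that serial would add the executable path and exit code to each group.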



