[Ovirt-devel] [PATCH node-image] enable SELinux in the node
Perry N. Myers
pmyers at redhat.com
Sun Sep 21 06:28:19 UTC 2008
Jim Meyering wrote:
> Here are 5 change sets.
>
> The first enables SELinux in the node.
> However, the resulting .iso image size went up to 72M.
> The following 4 patches pare that back down to 51M, which is 1M below
> the original size of 52M.
Found a problem with iSCSI storage pools via libvirt with SELinux turned on.
The pool can be created, but when you try to access it the following shows
up in /var/log/messages:
> type=1400 audit(1221978037.915:24): avc: denied { getattr } for pid=2597 comm="qemu-kvm" path="/dev/sdd" dev=tmpfs ino=9171 scontext=system_u:system_r:qemu_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
> type=1400 audit(1221978037.915:25): avc: denied { read } for pid=2597 comm="qemu-kvm" name="sdd" dev=tmpfs ino=9171 scontext=system_u:system_r:qemu_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Looks like SELinux is prohibiting access for qemu to the block devices.
Not sure how to fix this. Dan or Jim, do you guys have any suggestions?

NFS disk image access is not affected by this, since that is just access to
an img file provided over an NFS mount.
Perry