Re: Current F37 test branch: probably new SELinux AVCs with libvirt / KVM

Mon, 17 Oct 2022 01:35:53 -0700 

On Sat, Oct 15, 2022 at 6:55 PM Peter Boy <[email protected]> wrote:

> When creating a new VM on Fedora Server I get 2 AVCs, which I didn’t
> noticed in F36:
>
> SELinux is preventing virtlogd from using the execmem access on a process.
> type=AVC msg=audit(1665815361.392:451): avc: denied { execmem } for
> pid=2086 comm="virtlogd"
> scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023
> tcontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tclass=process
> permissive=0
>
>
> SELinux is preventing libvirt_leasesh from using the execmem access on a
> process.
> type=AVC msg=audit(1665851006.673:774): avc: denied { execmem } for
> pid=6252 comm="libvirt_leasesh"
> scontext=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023
> tcontext=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 tclass=process
> permissive=0
>
>
> These execmem access violations were virulent a few years ago, but at
> least on my F36 servers I haven't seen any of them anymore.
>
> Am I the only one where they are back?
>
Hello Peter,

There is a bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=2122918

which is being worked on.

_______________________________________________
> devel mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>


-- 

Zdenek Pytela
Security SELinux team

_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to