RHEL-44639

AVC denied when hotplugging scsi lun to vm

    • sst_security_selinux
    • ssg_security

      What were you trying to do that didn't work?

      There are AVC denied errors when hotplugging a volume type disk (backed by vHBA) to a vm.
      The functionality is not affected, which means hotplugging succeeds.

      Please provide the package NVR for which bug is seen:

      How reproducible:

      Steps to reproduce

      1. Create storage pool backed by vHBA device. Refer to the steps in https://issues.redhat.com/browse/RHEL-44637
      2. Start a vm
      3. Hotplug volume type disk to vm
        # cat virt-test-volume.xml
        <disk type="volume" device="disk">
          <source pool="virt-test-pool" volume="unit:0:2:0" />
          <driver name="qemu" type="raw" />
          <target dev="vdb" bus="virtio" />
        </disk>
        
        # virsh attach-device avocado-vt-vm1 virt-test-volume.xml 
        Device attached successfully
        
        
      4. Check audit log
        # cat virt-test-volume-attach.log 
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.097:14067): proctitle=2F7573722F7362696E2F7669727473746F7261676564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.097:14067): arch=c000003e syscall=257 success=yes exit=19 a0=ffffff9c a1=7f96780160b0 a2=1 a3=0 items=0 ppid=1 pid=292842 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="daemon-init" exe="/usr/sbin/virtstoraged" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.097:14067): avc:  denied  { write } for  pid=292842 comm="daemon-init" name="scan" dev="sysfs" ino=135167 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.098:14068): proctitle=2F7573722F7362696E2F7669727473746F7261676564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.098:14068): arch=c000003e syscall=21 success=yes exit=0 a0=7f96780214c8 a1=1 a2=9 a3=7f96780008e0 items=0 ppid=1 pid=292842 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="daemon-init" exe="/usr/sbin/virtstoraged" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.098:14068): avc:  denied  { execute } for  pid=292842 comm="daemon-init" name="udevadm" dev="dm-0" ino=67116487 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.100:14069): proctitle=2F7573722F7362696E2F7564657661646D00736574746C65
        type=PATH msg=audit(1719224417.100:14069): item=0 name="/lib64/ld-linux-x86-64.so.2" inode=67110910 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
        type=CWD msg=audit(1719224417.100:14069): cwd="/"
        type=EXECVE msg=audit(1719224417.100:14069): argc=2 a0="/usr/sbin/udevadm" a1="settle"
        type=SYSCALL msg=audit(1719224417.100:14069): arch=c000003e syscall=59 success=yes exit=0 a0=7f967802aa30 a1=7f967802ba60 a2=7ffc08b06728 a3=7f96780008e0 items=1 ppid=292842 pid=292862 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udevadm" exe="/usr/bin/udevadm" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.100:14069): avc:  denied  { map } for  pid=292862 comm="udevadm" path="/usr/bin/udevadm" dev="dm-0" ino=67116487 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file permissive=1
        type=AVC msg=audit(1719224417.100:14069): avc:  denied  { execute_no_trans } for  pid=292862 comm="daemon-init" path="/usr/bin/udevadm" dev="dm-0" ino=67116487 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.104:14070): proctitle=2F7573722F7362696E2F7564657661646D00736574746C65
        type=SYSCALL msg=audit(1719224417.104:14070): arch=c000003e syscall=9 success=yes exit=139990269497344 a0=0 a1=1000 a2=1 a3=1 items=0 ppid=292842 pid=292862 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udevadm" exe="/usr/bin/udevadm" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.104:14070): avc:  denied  { map } for  pid=292862 comm="udevadm" path="/sys/fs/selinux/status" dev="selinuxfs" ino=19 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.104:14071): proctitle=2F7573722F7362696E2F7564657661646D00736574746C65
        type=PATH msg=audit(1719224417.104:14071): item=0 name="/etc/selinux/targeted/contexts/files/file_contexts.subs_dist" inode=69417026 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:file_context_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
        type=CWD msg=audit(1719224417.104:14071): cwd="/"
        type=SYSCALL msg=audit(1719224417.104:14071): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55a990761bb0 a2=80000 a3=0 items=1 ppid=292842 pid=292862 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udevadm" exe="/usr/bin/udevadm" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.104:14071): avc:  denied  { open } for  pid=292862 comm="udevadm" path="/etc/selinux/targeted/contexts/files/file_contexts.subs_dist" dev="dm-0" ino=69417026 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=file permissive=1
        type=AVC msg=audit(1719224417.104:14071): avc:  denied  { read } for  pid=292862 comm="udevadm" name="file_contexts.subs_dist" dev="dm-0" ino=69417026 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=file permissive=1
        type=AVC msg=audit(1719224417.104:14071): avc:  denied  { search } for  pid=292862 comm="udevadm" name="files" dev="dm-0" ino=67116207 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir permissive=1
        type=AVC msg=audit(1719224417.104:14071): avc:  denied  { search } for  pid=292862 comm="udevadm" name="contexts" dev="dm-0" ino=7538 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=dir permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.104:14072): proctitle=2F7573722F7362696E2F7564657661646D00736574746C65
        type=SYSCALL msg=audit(1719224417.104:14072): arch=c000003e syscall=5 success=yes exit=0 a0=3 a1=7ffc6b1fada0 a2=8 a3=0 items=0 ppid=292842 pid=292862 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udevadm" exe="/usr/bin/udevadm" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.104:14072): avc:  denied  { getattr } for  pid=292862 comm="udevadm" path="/etc/selinux/targeted/contexts/files/file_contexts.subs_dist" dev="dm-0" ino=69417026 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.105:14073): proctitle=2F7573722F7362696E2F7564657661646D00736574746C65
        type=SYSCALL msg=audit(1719224417.105:14073): arch=c000003e syscall=262 success=yes exit=0 a0=ffffff9c a1=7ffc6b1f8f90 a2=7ffc6b1fa108 a3=0 items=0 ppid=292842 pid=292862 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udevadm" exe="/usr/bin/udevadm" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.105:14073): avc:  denied  { getattr } for  pid=292862 comm="udevadm" path="/etc/selinux/targeted/contexts/files/file_contexts" dev="dm-0" ino=71057019 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=unconfined_u:object_r:file_context_t:s0 tclass=file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.105:14074): proctitle=2F7573722F7362696E2F7564657661646D00736574746C65
        type=SYSCALL msg=audit(1719224417.105:14074): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffc6b1fa230 a2=80000 a3=0 items=0 ppid=292842 pid=292862 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udevadm" exe="/usr/bin/udevadm" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.105:14074): avc:  denied  { open } for  pid=292862 comm="udevadm" path="/etc/selinux/targeted/contexts/files/file_contexts.bin" dev="dm-0" ino=71057021 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=unconfined_u:object_r:file_context_t:s0 tclass=file permissive=1
        type=AVC msg=audit(1719224417.105:14074): avc:  denied  { read } for  pid=292862 comm="udevadm" name="file_contexts.bin" dev="dm-0" ino=71057021 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=unconfined_u:object_r:file_context_t:s0 tclass=file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.105:14075): proctitle=2F7573722F7362696E2F7564657661646D00736574746C65
        type=SYSCALL msg=audit(1719224417.105:14075): arch=c000003e syscall=9 success=yes exit=139990253211648 a0=0 a1=90188 a2=1 a3=2 items=0 ppid=292842 pid=292862 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udevadm" exe="/usr/bin/udevadm" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.105:14075): avc:  denied  { map } for  pid=292862 comm="udevadm" path="/etc/selinux/targeted/contexts/files/file_contexts.bin" dev="dm-0" ino=71057021 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=unconfined_u:object_r:file_context_t:s0 tclass=file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.107:14076): proctitle=2F7573722F7362696E2F7564657661646D00736574746C65
        type=PATH msg=audit(1719224417.107:14076): item=0 name="/proc/1/root" inode=128 dev=fd:00 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:root_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
        type=CWD msg=audit(1719224417.107:14076): cwd="/"
        type=SYSCALL msg=audit(1719224417.107:14076): arch=c000003e syscall=262 success=yes exit=0 a0=ffffff9c a1=7f520630d549 a2=7ffc6b1fc3c0 a3=0 items=1 ppid=292842 pid=292862 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udevadm" exe="/usr/bin/udevadm" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.107:14076): avc:  denied  { read } for  pid=292862 comm="udevadm" name="root" dev="proc" ino=7189 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=lnk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.107:14077): proctitle=2F7573722F7362696E2F7564657661646D00736574746C65
        type=SYSCALL msg=audit(1719224417.107:14077): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=55a990763e20 a2=14 a3=b items=0 ppid=292842 pid=292862 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udevadm" exe="/usr/bin/udevadm" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.107:14077): avc:  denied  { connectto } for  pid=292862 comm="udevadm" path="/run/udev/control" scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1
        type=AVC msg=audit(1719224417.107:14077): avc:  denied  { write } for  pid=292862 comm="udevadm" name="control" dev="tmpfs" ino=778 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=sock_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.108:14078): proctitle=2F7573722F7362696E2F7564657661646D00736574746C65
        type=SYSCALL msg=audit(1719224417.108:14078): arch=c000003e syscall=254 success=yes exit=1 a0=5 a1=7ffc6b1fc2d0 a2=200 a3=0 items=0 ppid=292842 pid=292862 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udevadm" exe="/usr/bin/udevadm" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.108:14078): avc:  denied  { watch } for  pid=292862 comm="udevadm" path="/run/udev" dev="tmpfs" ino=56 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.109:14079): proctitle=2F7573722F7362696E2F7669727473746F7261676564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.109:14079): arch=c000003e syscall=262 success=yes exit=0 a0=ffffff9c a1=7f9678014000 a2=7f96c55ff6c0 a3=0 items=0 ppid=1 pid=292842 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="daemon-init" exe="/usr/sbin/virtstoraged" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.109:14079): avc:  denied  { getattr } for  pid=292842 comm="daemon-init" path="/dev/sda" dev="devtmpfs" ino=440 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.109:14080): proctitle=2F7573722F7362696E2F7669727473746F7261676564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.109:14080): arch=c000003e syscall=262 success=yes exit=0 a0=ffffff9c a1=7f9678014000 a2=7f96c55ff6c0 a3=0 items=0 ppid=1 pid=292842 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="daemon-init" exe="/usr/sbin/virtstoraged" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.109:14080): avc:  denied  { getattr } for  pid=292842 comm="daemon-init" path="/dev/sr0" dev="devtmpfs" ino=479 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.109:14081): proctitle=2F7573722F7362696E2F7669727473746F7261676564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.109:14081): arch=c000003e syscall=257 success=yes exit=20 a0=ffffff9c a1=7f96780214a0 a2=900 a3=0 items=0 ppid=1 pid=292842 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="daemon-init" exe="/usr/sbin/virtstoraged" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.109:14081): avc:  denied  { open } for  pid=292842 comm="daemon-init" path="/dev/sde" dev="devtmpfs" ino=3830 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1
        type=AVC msg=audit(1719224417.109:14081): avc:  denied  { read } for  pid=292842 comm="daemon-init" name="sde" dev="devtmpfs" ino=3830 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.115:14082): proctitle=2F6C69622F756465762F736373695F6964002D2D7265706C6163652D77686974657370616365002D2D77686974656C6973746564002D2D6578706F7274002D2D646576696365002F6465762F6469736B2F62792D706174682F7063692D303030303A30363A30302E312D66632D3078353030353037363831323136336234622D
        type=SYSCALL msg=audit(1719224417.115:14082): arch=c000003e syscall=16 success=no exit=-22 a0=3 a1=2285 a2=7ffcba402760 a3=0 items=0 ppid=292842 pid=292863 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="scsi_id" exe="/usr/lib/udev/scsi_id" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.115:14082): avc:  denied  { ioctl } for  pid=292863 comm="scsi_id" path="/dev/sde" dev="devtmpfs" ino=3830 ioctlcmd=0x2285 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.115:14083): proctitle=2F6C69622F756465762F736373695F6964002D2D7265706C6163652D77686974657370616365002D2D77686974656C6973746564002D2D6578706F7274002D2D646576696365002F6465762F6469736B2F62792D706174682F7063692D303030303A30363A30302E312D66632D3078353030353037363831323136336234622D
        type=SYSCALL msg=audit(1719224417.115:14083): arch=c000003e syscall=16 success=yes exit=0 a0=3 a1=2285 a2=7ffcba402700 a3=0 items=0 ppid=292842 pid=292863 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="scsi_id" exe="/usr/lib/udev/scsi_id" subj=system_u:system_r:virtstoraged_t:s0 key=(null)
        type=AVC msg=audit(1719224417.115:14083): avc:  denied  { sys_rawio } for  pid=292863 comm="scsi_id" capability=17  scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:system_r:virtstoraged_t:s0 tclass=capability permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.129:14084): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.129:14084): arch=c000003e syscall=189 success=yes exit=0 a0=7f2600007190 a1=7f261eff4197 a2=7f260000eb80 a3=1e items=0 ppid=289354 pid=292865 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
        type=AVC msg=audit(1719224417.129:14084): avc:  denied  { relabelfrom } for  pid=292865 comm="rpc-virtqemud" name="pci-0000:06:00.1-fc-0x5005076812163b4b-lun-0" dev="tmpfs" ino=16 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=lnk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.129:14085): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
        type=PATH msg=audit(1719224417.129:14085): item=1 name=(null) inode=17 dev=00:33 mode=060640 ouid=0 ogid=0 rdev=08:40 obj=system_u:object_r:tmpfs_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
        type=PATH msg=audit(1719224417.129:14085): item=0 name=(null) inode=1 dev=00:33 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmpfs_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
        type=CWD msg=audit(1719224417.129:14085): cwd="/"
        type=SYSCALL msg=audit(1719224417.129:14085): arch=c000003e syscall=259 success=yes exit=0 a0=ffffff9c a1=7f26000051e0 a2=61b0 a3=840 items=2 ppid=289354 pid=292865 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
        type=AVC msg=audit(1719224417.129:14085): avc:  denied  { create } for  pid=292865 comm="rpc-virtqemud" name="sde" scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=blk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.129:14086): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.129:14086): arch=c000003e syscall=94 success=yes exit=0 a0=7f26000051e0 a1=0 a2=6 a3=840 items=0 ppid=289354 pid=292865 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
        type=AVC msg=audit(1719224417.129:14086): avc:  denied  { setattr } for  pid=292865 comm="rpc-virtqemud" name="sde" dev="tmpfs" ino=17 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=blk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.129:14087): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.129:14087): arch=c000003e syscall=189 success=yes exit=0 a0=7f26000051e0 a1=7f261eff4197 a2=7f260000ec90 a3=29 items=0 ppid=289354 pid=292865 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
        type=AVC msg=audit(1719224417.129:14087): avc:  denied  { relabelfrom } for  pid=292865 comm="rpc-virtqemud" name="sde" dev="tmpfs" ino=17 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=blk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.131:14088): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.131:14088): arch=c000003e syscall=257 success=yes exit=20 a0=ffffff9c a1=7f2600009520 a2=2 a3=0 items=0 ppid=289354 pid=292866 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
        type=AVC msg=audit(1719224417.131:14088): avc:  denied  { open } for  pid=292866 comm="rpc-virtqemud" path="/dev/sde" dev="tmpfs" ino=17 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1
        type=AVC msg=audit(1719224417.131:14088): avc:  denied  { read write } for  pid=292866 comm="rpc-virtqemud" name="sde" dev="tmpfs" ino=17 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.131:14089): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.131:14089): arch=c000003e syscall=72 success=yes exit=0 a0=14 a1=6 a2=7f260fdff310 a3=0 items=0 ppid=289354 pid=292866 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
        type=AVC msg=audit(1719224417.131:14089): avc:  denied  { lock } for  pid=292866 comm="rpc-virtqemud" path="/dev/sde" dev="tmpfs" ino=17 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.131:14090): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.131:14090): arch=c000003e syscall=188 success=yes exit=0 a0=7f2600009520 a1=7f261006ae70 a2=7f260000c1d0 a3=28 items=0 ppid=289354 pid=292866 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
        type=AVC msg=audit(1719224417.131:14090): avc:  denied  { setattr } for  pid=292866 comm="rpc-virtqemud" name="sde" dev="tmpfs" ino=17 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.131:14091): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.131:14091): arch=c000003e syscall=72 success=yes exit=0 a0=14 a1=6 a2=7f260fdff3d0 a3=7f26000008e0 items=0 ppid=289354 pid=292866 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
        type=AVC msg=audit(1719224417.131:14091): avc:  denied  { lock } for  pid=292866 comm="rpc-virtqemud" path="/dev/sde" dev="tmpfs" ino=17 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c513,c786 tclass=blk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.132:14092): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.132:14092): arch=c000003e syscall=257 success=yes exit=20 a0=ffffff9c a1=7f26000029f0 a2=2 a3=0 items=0 ppid=289354 pid=292867 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
        type=AVC msg=audit(1719224417.132:14092): avc:  denied  { open } for  pid=292867 comm="rpc-virtqemud" path="/dev/sde" dev="tmpfs" ino=17 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c513,c786 tclass=blk_file permissive=1
        type=AVC msg=audit(1719224417.132:14092): avc:  denied  { read write } for  pid=292867 comm="rpc-virtqemud" name="sde" dev="tmpfs" ino=17 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c513,c786 tclass=blk_file permissive=1
        ----
        time->Mon Jun 24 06:20:17 2024
        type=PROCTITLE msg=audit(1719224417.132:14093): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
        type=SYSCALL msg=audit(1719224417.132:14093): arch=c000003e syscall=188 success=yes exit=0 a0=7f26000029f0 a1=7f261006ae70 a2=7f260000c150 a3=5 items=0 ppid=289354 pid=292867 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
        type=AVC msg=audit(1719224417.132:14093): avc:  denied  { setattr } for  pid=292867 comm="rpc-virtqemud" name="sde" dev="tmpfs" ino=17 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c513,c786 tclass=blk_file permissive=1
        
        

      Expected results

      No AVC denied errors

      Actual results

            rhn-support-zpytela Zdenek Pytela
            rhn-support-fjin Fangge Jin
            Zdenek Pytela Zdenek Pytela
            SSG Security QE SSG Security QE
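
To triage a log like the one in step 4, the denials can be grouped by source type, target type and object class, which shows what each daemon domain was denied. The following Python is an added example, not part of the original report or of any Red Hat tooling; the function names are hypothetical, and the sample records are a subset copied from the log above.

```python
import re
from collections import defaultdict

# A subset of records copied from the audit log in this report.
SAMPLE = '''\
type=PROCTITLE msg=audit(1719224417.100:14069): proctitle=2F7573722F7362696E2F7564657661646D00736574746C65
type=AVC msg=audit(1719224417.097:14067): avc:  denied  { write } for  pid=292842 comm="daemon-init" name="scan" dev="sysfs" ino=135167 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1719224417.098:14068): avc:  denied  { execute } for  pid=292842 comm="daemon-init" name="udevadm" dev="dm-0" ino=67116487 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1719224417.100:14069): avc:  denied  { execute_no_trans } for  pid=292862 comm="daemon-init" path="/usr/bin/udevadm" dev="dm-0" ino=67116487 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1719224417.115:14082): avc:  denied  { ioctl } for  pid=292863 comm="scsi_id" path="/dev/sde" dev="devtmpfs" ino=3830 ioctlcmd=0x2285 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1
type=AVC msg=audit(1719224417.131:14088): avc:  denied  { read write } for  pid=292866 comm="rpc-virtqemud" name="sde" dev="tmpfs" ino=17 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1
type=AVC msg=audit(1719224417.131:14091): avc:  denied  { lock } for  pid=292866 comm="rpc-virtqemud" path="/dev/sde" dev="tmpfs" ino=17 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c513,c786 tclass=blk_file permissive=1
'''

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}")


def decode_proctitle(hex_value):
    """The audit subsystem hex-encodes argv with NUL separators; undo that."""
    return bytes.fromhex(hex_value).replace(b"\x00", b" ").decode("utf-8", "replace")


def selinux_type(context):
    """Type is the third field of user:role:type:level[:categories]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Return a dict for a type=AVC denial, or None for any other record."""
    line = line.strip()
    perms = PERMS_RE.search(line)
    if not line.startswith("type=AVC") or perms is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "source": selinux_type(fields["scontext"]),
        "target": selinux_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "perms": perms.group(1).split(),
        "comm": fields.get("comm", ""),
        "permissive": fields.get("permissive") == "1",
    }


def parse_log(text):
    """Parse every AVC denial in a block of audit log text."""
    return [r for r in map(parse_avc, text.splitlines()) if r]


def summarize(records):
    """Merge permissions per (source type, target type, class)."""
    merged = defaultdict(set)
    for r in records:
        merged[(r["source"], r["target"], r["tclass"])].update(r["perms"])
    return {key: sorted(perms) for key, perms in merged.items()}


def to_rules(summary):
    """Render the summary as audit2allow-style lines for human review."""
    rules = []
    for (source, target, tclass), perms in sorted(summary.items()):
        body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {source} {target}:{tclass} {body};")
    return rules


if __name__ == "__main__":
    records = parse_log(SAMPLE)
    for line in SAMPLE.splitlines():
        if line.startswith("type=PROCTITLE"):
            print("command:", decode_proctitle(line.split("proctitle=")[1]))
    print("\n".join(to_rules(summarize(records))))
    print("all permissive:", all(r["permissive"] for r in records))
```

Every sampled record carries permissive=1, so the accesses were logged rather than blocked, which is consistent with the report that hotplugging succeeds. The rendered lines are a summary for policy review, since several of them cover raw block device access.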