RHEL-45634

AVC denied error about rpc-virtqemud when starting a guest with a random backend virtio-rng device

    • sst_security_selinux
    • ssg_security

      Please provide the package NVR for which bug is seen:

      libvirt-10.4.0-1.el10.x86_64

      qemu-kvm-9.0.0-2.el10.1.x86_64

      selinux-policy-40.13.3-2.el10.noarch

      How reproducible:

      100%

      Steps to reproduce

      1. Start a guest with a random backend virtio-rng device

      # virsh dumpxml avocado-vt-vm1 --xpath //rng
      <rng model="virtio">
        <backend model="random">/dev/urandom</backend>
        <alias name="rng0"/>
        <address type="pci" domain="0x0000" bus="0x06" slot="0x00" function="0x0"/>
      </rng>
      

       
      2. Check the guest

      # virsh list --all
       Id   Name             State
      ---------------------------------
       2    avocado-vt-vm1   running
      

       
       
      3. Check the audit log

      time->Mon Jul  1 01:31:44 2024
      type=PROCTITLE msg=audit(1719811904.096:81283): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
      type=SYSCALL msg=audit(1719811904.096:81283): arch=c000003e syscall=92 success=yes exit=0 a0=7ff0f0058bd0 a1=6b a2=6b a3=0 items=0 ppid=692810 pid=698570 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
      type=AVC msg=audit(1719811904.096:81283): avc:  denied  { setattr } for  pid=698570 comm="rpc-virtqemud" name="userfaultfd" dev="tmpfs" ino=7 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c225,c919 tclass=chr_file permissive=1
      ----
      

       
      Expected result:
      no AVC denied error

            rhn-support-zpytela Zdenek Pytela
            rhn-support-lizhu Lili Zhu
            Zdenek Pytela Zdenek Pytela
            SSG Security QE SSG Security QE
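Added triage example (not part of the original report or of any Red Hat tooling): it correlates the three audit records quoted in step 3, decoding the hex `proctitle`, the syscall number and its hex arguments, and the AVC contexts. The function names and the x86_64 syscall table excerpt are assumptions of this example.

```python
import re

# The three records of audit event 81283, copied from step 3 of this report.
EVENT = """\
type=PROCTITLE msg=audit(1719811904.096:81283): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
type=SYSCALL msg=audit(1719811904.096:81283): arch=c000003e syscall=92 success=yes exit=0 a0=7ff0f0058bd0 a1=6b a2=6b a3=0 items=0 ppid=692810 pid=698570 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(1719811904.096:81283): avc:  denied  { setattr } for  pid=698570 comm="rpc-virtqemud" name="userfaultfd" dev="tmpfs" ino=7 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c225,c919 tclass=chr_file permissive=1
"""

# Assumption: only the x86_64 (arch=c000003e) syscall numbers relevant here are mapped.
X86_64_SYSCALLS = {90: "chmod", 91: "fchmod", 92: "chown", 93: "fchown", 94: "lchown"}

def fields(line):
    """Return the key=value pairs of one audit record, with quotes stripped."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def triage(event):
    """Correlate the PROCTITLE, SYSCALL and AVC records of one audit event."""
    recs = {}
    for line in event.strip().splitlines():
        f = fields(line)
        recs[f["type"]] = (f, line)
    avc, avc_line = recs["AVC"]
    sysc = recs["SYSCALL"][0]
    title = recs["PROCTITLE"][0]["proctitle"]
    tctx = avc["tcontext"].split(":", 4)  # user:role:type:sensitivity:categories
    return {
        # proctitle is the hex-encoded argv, NUL-separated
        "cmdline": bytes.fromhex(title).decode().split("\0"),
        "syscall": X86_64_SYSCALLS.get(int(sysc["syscall"]), sysc["syscall"]),
        # chown(path, owner, group): a1 and a2 are logged in hex
        "owner_group": (int(sysc["a1"], 16), int(sysc["a2"], 16)),
        "perms": re.search(r"\{([^}]*)\}", avc_line).group(1).split(),
        "source_type": avc["scontext"].split(":")[2],
        "target_type": tctx[2],
        "mcs": tctx[4],
        "tclass": avc["tclass"],
        # permissive=1 means the denial was logged but not enforced
        "enforced": avc["permissive"] == "0",
    }

if __name__ == "__main__":
    for key, value in triage(EVENT).items():
        print(f"{key:12} {value}")
```
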