- Bug
- Resolution: Unresolved
- Normal
- rhel-10.0
- sst_security_selinux
- ssg_security
Description of problem:
An AVC denied error is logged when trying to allocate hugepages with "# virsh allocpages".
Version-Release number of selected component (if applicable):
# rpm -q libvirt qemu-kvm selinux-policy
libvirt-10.8.0-2.el10.x86_64
qemu-kvm-9.1.0-3.el10.x86_64
selinux-policy-40.13.12-1.el10.noarch
How reproducible:
100%
Steps to Reproduce:
# virsh freepages 0 2M
2048KiB: 0

# ausearch -m avc
<no matches>

# virsh allocpages 2M 1024

# ausearch -m avc
----
time->Mon Oct 28 09:10:21 2024
type=PROCTITLE msg=audit(1730121021.244:1283): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
type=SYSCALL msg=audit(1730121021.244:1283): arch=c000003e syscall=257 success=yes exit=19 a0=ffffff9c a1=7fe74841ed90 a2=201 a3=0 items=0 ppid=1 pid=9674 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(1730121021.244:1283): avc: denied { write } for pid=9674 comm="rpc-virtqemud" name="nr_hugepages" dev="sysfs" ino=2943 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1

# virsh freepages 0 2M
2048KiB: 1024
Actual results:
An AVC denied error is logged when trying to allocate hugepages with "# virsh allocpages".
Expected results:
There should be no AVC denied errors in the audit logs.
Additional info:
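
Added example (not part of the original report): a small Python triage of the three audit records from the reproduction steps. It decodes the hex-encoded proctitle and shows that, because the AVC record carries permissive=1, the write was logged but not blocked, which matches success=yes and the 1024 pages reported afterwards. The function names are this example's own.

```python
import re

# Audit records copied from the report above (event 1730121021.244:1283).
RECORDS = [
    "type=PROCTITLE msg=audit(1730121021.244:1283): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230",
    'type=SYSCALL msg=audit(1730121021.244:1283): arch=c000003e syscall=257 success=yes exit=19 a0=ffffff9c a1=7fe74841ed90 a2=201 a3=0 items=0 ppid=1 pid=9674 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)',
    'type=AVC msg=audit(1730121021.244:1283): avc: denied { write } for pid=9674 comm="rpc-virtqemud" name="nr_hugepages" dev="sysfs" ino=2943 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1',
]


def fields(record):
    """Split an audit record into key=value pairs, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}


def decode_proctitle(value):
    """auditd hex-encodes command lines that contain NUL separators or spaces."""
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        return [value]  # already plain text, nothing to decode
    return raw.decode("utf-8", "replace").split("\x00")


def triage(records):
    """Merge the PROCTITLE, SYSCALL and AVC records of one audit event."""
    out = {}
    for rec in records:
        f = fields(rec)
        if f["type"] == "PROCTITLE":
            out["cmdline"] = decode_proctitle(f["proctitle"])
        elif f["type"] == "SYSCALL":
            out["exe"] = f["exe"]
            out["syscall_succeeded"] = f["success"] == "yes"
        elif f["type"] == "AVC":
            out["decision"] = re.search(r"avc:\s+(denied|granted)", rec).group(1)
            out["perms"] = re.search(r"\{([^}]*)\}", rec).group(1).split()
            out["source_type"] = f["scontext"].split(":")[2]
            out["target_type"] = f["tcontext"].split(":")[2]
            out["tclass"] = f["tclass"]
            out["name"] = f["name"]
            # permissive=1: the denial was logged but not enforced.
            out["blocked"] = out["decision"] == "denied" and f["permissive"] == "0"
    return out


if __name__ == "__main__":
    for key, value in triage(RECORDS).items():
        print(f"{key}: {value}")
```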