Bug
Resolution: Unresolved
Normal
rhel-10.1
selinux-policy-40.13.35-1.el10
Moderate
rhel-security-selinux
ssg_security
QE ack
SELINUX 250716: 9
Pass
Automated
Release Note Not Required
Version-Release number of selected component (if applicable):
selinux-policy-40.13.31-2.el10.noarch
libvirt-11.3.0-1.el10.x86_64
How reproducible:
100%
Steps to Reproduce:
1. Prepare a running guest
# virsh list --all
 Id   Name             State
---------------------------------
 1    avocado-vt-vm1   running
2. Configure the auto shutdown parameters
# grep -v -e '^#' -e '^$' /etc/libvirt/qemu.conf
auto_shutdown_try_shutdown = "all"
auto_shutdown_restore = 1
3. Reboot the host
4. Check the audit log
# ausearch -m avc
time->Sun Jun 8 20:09:23 2025
type=PROCTITLE msg=audit(1749427763.892:257): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
type=PATH msg=audit(1749427763.892:257): item=1 name=(null) inode=70431094 dev=fd:00 mode=0120777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:virt_etc_rw_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(1749427763.892:257): item=0 name=(null) inode=70289604 dev=fd:00 mode=040700 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:virt_etc_rw_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1749427763.892:257): cwd="/"
type=SYSCALL msg=audit(1749427763.892:257): arch=c000003e syscall=88 success=yes exit=0 a0=7f7e08003dc0 a1=7f7e08000b70 a2=0 a3=0 items=2 ppid=1 pid=2731 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="daemon-stop" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(1749427763.892:257): avc: denied { create } for pid=2731 comm="daemon-stop" name="avocado-vt-vm3.xml.once" scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=lnk_file permissive=1
----
time->Sun Jun 8 20:12:47 2025
type=PROCTITLE msg=audit(1749427967.774:118): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
type=SYSCALL msg=audit(1749427967.774:118): arch=c000003e syscall=87 success=yes exit=0 a0=7ff8c4407630 a1=7ff8c447e220 a2=7ff8c40078a0 a3=7ff8c40008e0 items=0 ppid=1 pid=1857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="daemon-init" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(1749427967.774:118): avc: denied { unlink } for pid=1857 comm="daemon-init" name="avocado-vt-vm4.xml.once" dev="dm-0" ino=70431095 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=lnk_file permissive=1
----
time->Sun Jun 8 20:12:50 2025
type=PROCTITLE msg=audit(1749427970.516:175): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230
type=SYSCALL msg=audit(1749427970.516:175): arch=c000003e syscall=87 success=yes exit=0 a0=7ff8c43ffd20 a1=7ff8c41d0b20 a2=7ff8c40078a0 a3=7ff8c40008e0 items=0 ppid=1 pid=1857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="daemon-init" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(1749427970.516:175): avc: denied { unlink } for pid=1857 comm="daemon-init" name="avocado-vt-vm1.xml.once" dev="dm-0" ino=70431096 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=lnk_file permissive=1
Expected result:
Should not report avc denied error
links to
RHBA-2025:147963 selinux-policy bug fix and enhancement update
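
For triage, the three AVC records in the audit log above reduce to one source type, one target type and one object class. The following is an added example, not part of the original report or of selinux-policy: it parses the `type=AVC` lines, groups them, and renders the access the policy is missing as a rule for review. The function names and the `SAMPLE` constant are assumptions of this example; `SAMPLE` holds only the three `type=AVC` lines copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: only the three type=AVC records from the report's ausearch output.
SAMPLE = '''\
type=AVC msg=audit(1749427763.892:257): avc: denied { create } for pid=2731 comm="daemon-stop" name="avocado-vt-vm3.xml.once" scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=lnk_file permissive=1
type=AVC msg=audit(1749427967.774:118): avc: denied { unlink } for pid=1857 comm="daemon-init" name="avocado-vt-vm4.xml.once" dev="dm-0" ino=70431095 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=lnk_file permissive=1
type=AVC msg=audit(1749427970.516:175): avc: denied { unlink } for pid=1857 comm="daemon-init" name="avocado-vt-vm1.xml.once" dev="dm-0" ino=70431096 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=lnk_file permissive=1
'''

# One AVC record per line: permission set in braces, then key=value fields.
AVC_RE = re.compile(r'type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+'
                    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Yield one dict per AVC denial found in ausearch / audit.log text."""
    for m in AVC_RE.finditer(text):
        d = {k: v.strip('"') for k, v in KV_RE.findall(m['rest'])}
        d['serial'] = int(m['serial'])
        d['perms'] = m['perms'].split()
        # An SELinux context is user:role:type:level; the type is the third field.
        d['stype'] = d['scontext'].split(':')[2]
        d['ttype'] = d['tcontext'].split(':')[2]
        yield d

def summarize(text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {'perms': set(), 'names': set(), 'enforced': False})
    for d in parse_avc(text):
        g = groups[(d['stype'], d['ttype'], d['tclass'])]
        g['perms'].update(d['perms'])
        g['names'].add(d.get('name', '?'))
        # permissive=0 means the kernel actually blocked the access.
        g['enforced'] |= d.get('permissive') == '0'
    return dict(groups)

def allow_rules(text):
    """Render each group as the rule that would permit it, for policy review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(g['perms']))} }};"
            for (s, t, c), g in sorted(summarize(text).items())]

if __name__ == '__main__':
    for rule in allow_rules(SAMPLE):
        print(rule)
```

Every record here carries `permissive=1`, so the accesses were logged but not blocked; with `permissive=0` the same symlink create and unlink calls would fail.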