SELinux is preventing /usr/libexec/qemu-kvm from 'add_name' accesses on the directory

Solution Unverified - Updated -

Issue

  • SELinux is preventing /usr/libexec/qemu-kvm from add_name accesses on the directory
  • The complete SELinux alert is:
[abrt] (null): SELinux is preventing /usr/libexec/qemu-kvm from 'add_name' accesses on the directory .
hashmarkername: setroubleshoot
kernel:         3.10.0-123.8.1.el7.x86_64
last_occurrence: 1412284426
time:           Thu 02 Oct 2014 02:13:46 PM PDT

description:
:SELinux is preventing /usr/libexec/qemu-kvm from 'add_name' accesses on the directory .
:
:*****  Plugin catchall (100. confidence) suggests   **************************
:
:If you believe that qemu-kvm should be allowed add_name access on the  directory by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                unconfined_u:system_r:svirt_tcg_t:s0:c670,c1002
:Target Context                unconfined_u:object_r:user_home_t:s0
:Target Objects                 [ dir ]
:Source                        qemu-kvm
:Source Path                   /usr/libexec/qemu-kvm
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           qemu-kvm-1.5.3-60.el7_0.7.x86_64
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.12.1-153.el7_0.11.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.10.0-123.8.1.el7.x86_64 #1 SMP
:                              Mon Aug 11 13:37:49 EDT 2014 x86_64 x86_64
:Alert Count                   1
:First Seen                    2014-10-02 14:13:32 PDT
:Last Seen                     2014-10-02 14:13:32 PDT
:Local ID                      de7c193a-a218-4b12-94e0-11881c113bb8
:
:Raw Audit Messages
:type=AVC msg=audit(1412284412.704:448): avc:  denied  { add_name } for  pid=5856 comm="qemu-kvm" name="win7.monitor" scontext=unconfined_u:system_r:svirt_tcg_t:s0:c670,c1002 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
:
:
:type=SYSCALL msg=audit(1412284412.704:448): arch=x86_64 syscall=bind success=no exit=EACCES a0=6 a1=7fff191ce4a0 a2=6e a3=41 items=0 ppid=1 pid=5856 auid=811802609 uid=811802609 gid=811800513 euid=811802609 suid=811802609 fsuid=811802609 egid=811800513 sgid=811800513 fsgid=811800513 tty=(none) ses=1 comm=qemu-kvm exe=/usr/libexec/qemu-kvm subj=unconfined_u:system_r:svirt_tcg_t:s0:c670,c1002 key=(null)
:
:Hash: qemu-kvm,svirt_tcg_t,user_home_t,dir,add_name

Environment

  • Red Hat Enterprise Linux 7.0
  • selinux-policy-3.12.1-153.el7_0.11.noarch

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content