SELinux is preventing /usr/libexec/qemu-kvm from 'add_name' accesses on the directory
Issue
SELinuxis preventing/usr/libexec/qemu-kvmfromadd_nameaccesses on the directory- The complete
SELinuxalert is:
[abrt] (null): SELinux is preventing /usr/libexec/qemu-kvm from 'add_name' accesses on the directory .
hashmarkername: setroubleshoot
kernel: 3.10.0-123.8.1.el7.x86_64
last_occurrence: 1412284426
time: Thu 02 Oct 2014 02:13:46 PM PDT
description:
:SELinux is preventing /usr/libexec/qemu-kvm from 'add_name' accesses on the directory .
:
:***** Plugin catchall (100. confidence) suggests **************************
:
:If you believe that qemu-kvm should be allowed add_name access on the directory by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context unconfined_u:system_r:svirt_tcg_t:s0:c670,c1002
:Target Context unconfined_u:object_r:user_home_t:s0
:Target Objects [ dir ]
:Source qemu-kvm
:Source Path /usr/libexec/qemu-kvm
:Port <Unknown>
:Host (removed)
:Source RPM Packages qemu-kvm-1.5.3-60.el7_0.7.x86_64
:Target RPM Packages
:Policy RPM selinux-policy-3.12.1-153.el7_0.11.noarch
:Selinux Enabled True
:Policy Type targeted
:Enforcing Mode Enforcing
:Host Name (removed)
:Platform Linux (removed) 3.10.0-123.8.1.el7.x86_64 #1 SMP
: Mon Aug 11 13:37:49 EDT 2014 x86_64 x86_64
:Alert Count 1
:First Seen 2014-10-02 14:13:32 PDT
:Last Seen 2014-10-02 14:13:32 PDT
:Local ID de7c193a-a218-4b12-94e0-11881c113bb8
:
:Raw Audit Messages
:type=AVC msg=audit(1412284412.704:448): avc: denied { add_name } for pid=5856 comm="qemu-kvm" name="win7.monitor" scontext=unconfined_u:system_r:svirt_tcg_t:s0:c670,c1002 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
:
:
:type=SYSCALL msg=audit(1412284412.704:448): arch=x86_64 syscall=bind success=no exit=EACCES a0=6 a1=7fff191ce4a0 a2=6e a3=41 items=0 ppid=1 pid=5856 auid=811802609 uid=811802609 gid=811800513 euid=811802609 suid=811802609 fsuid=811802609 egid=811800513 sgid=811800513 fsgid=811800513 tty=(none) ses=1 comm=qemu-kvm exe=/usr/libexec/qemu-kvm subj=unconfined_u:system_r:svirt_tcg_t:s0:c670,c1002 key=(null)
:
:Hash: qemu-kvm,svirt_tcg_t,user_home_t,dir,add_name
Environment
- Red Hat Enterprise Linux 7.0
- selinux-policy-3.12.1-153.el7_0.11.noarch
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
