From 66d7d802da94ab8f3d275541e0e30b5244424acf Mon Sep 17 00:00:00 2001
From: Jason Zaman
Date: Tue, 24 Dec 2019 18:10:43 +0800
Subject: [PATCH] virt: allow lvm_control access
type=AVC msg=audit(1563034372.505:40675): avc: denied { read write } for pid=64033 comm="libvirtd" name="control" dev="devtmpfs" ino=1273 scontext=system_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file permissive=0
type=SYSCALL msg=audit(1563034372.505:40675): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ff9a09cd180 a2=2 a3=0 items=1 ppid=1 pid=64033 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="libvirtd" exe="/usr/sbin/libvirtd" subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 key=(null)
type=CWD msg=audit(1563034372.505:40675): cwd="/"
type=PATH msg=audit(1563034372.505:40675): item=0 name="/dev/mapper/control" inode=1273 dev=00:06 mode=020600 ouid=0 ogid=0 rdev=0a:ec obj=system_u:object_r:lvm_control_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
Signed-off-by: Jason Zaman
---
 policy/modules/services/virt.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
index d4c5d05a0..fb985f123 100644
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -622,6 +622,7 @@ dev_rw_sysfs(virtd_t)
 dev_read_urand(virtd_t)
 dev_read_rand(virtd_t)
 dev_rw_kvm(virtd_t)
+dev_rw_lvm_control(virtd_t)
 dev_getattr_all_chr_files(virtd_t)
 dev_rw_mtrr(virtd_t)
 dev_rw_vhost(virtd_t)
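Review bot: The added `dev_rw_lvm_control(virtd_t)` is unconditional and uncommented, so every system loading this module gives libvirtd read/write on the device-mapper control node (`/dev/mapper/control` in the quoted PATH record), whether or not the host uses device-mapper-backed storage. The commit message holds a single denial captured with `permissive=0`, which shows that libvirtd attempted the open but not which feature needs it. A why-comment above the rule would let a later audit of `virtd_t` keep or drop it knowingly, for example `# libvirtd opens /dev/mapper/control; see audit record in the commit message`. If the access turns out to be needed only for particular storage backends, it may be worth scoping it behind one of the module's conditional blocks instead of the base rule list, though that cannot be judged from this hunk. The `dev_*` rule list this line joins starts and ends outside the hunk.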