Bug 634264 - sec-policy/selinux-virt does not contain virtlogd type
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux
Hardware: All Linux
Importance: Normal normal
Assignee: SE Linux Bugs
Reported: 2017-10-14 19:18 UTC by Alexander Miroshnichenko
Modified: 2019-02-20 09:27 UTC
Description Alexander Miroshnichenko 2017-10-14 19:18:14 UTC
New versions of libvirt separate the logging functionality from the main code into a new virtlogd daemon. The new daemon is not defined in the sec-policy/selinux-virt module policy.

# eselect rc start libvirtd
Starting init script
Authenticating root.
Password: 
 * Caching service dependencies ...                                                                                                                                                                                                     [ ok ]
 * Starting virtlogd ...
2017-10-14 18:32:30.385+0000: 4584: info : libvirt version: 3.6.0
2017-10-14 18:32:30.385+0000: 4584: info : hostname: XXXX
2017-10-14 18:32:30.385+0000: 4584: error : main:972 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf
 * start-stop-daemon: failed to start `/usr/sbin/virtlogd'
 * Failed to start virtlogd                                                                                                                                                                                                             [ !! ]
 * ERROR: virtlogd failed to start
 * ERROR: cannot start libvirtd as virtlogd would not start

# ls -lZ `which virtlogd`  
-rwxr-xr-x. 1 root root system_u:object_r:bin_t:s0 712112 Oct 14 21:27 /usr/sbin/virtlogd

# matchpathcon /usr/sbin/virtlogd
/usr/sbin/virtlogd      system_u:object_r:bin_t:s0

# qlist -ICv sec-policy/selinux-virt
sec-policy/selinux-virt-2.20170204-r4

The latest unstable sec-policy/selinux-virt version, 2.20170805-r2, still does not contain a virtlogd type definition with the related resource access.
Comment 1 Jason Zaman gentoo-dev 2017-10-17 03:22:36 UTC
Yeah, I've got some tentative patches for this but haven't gotten around to cleaning them up and merging yet :(

https://github.com/perfinion/hardened-refpolicy/commits/next
It used to work before; I'm not sure if there have been more changes that need updating. I'll try and clean these up soon.
Comment 2 Alexander Miroshnichenko 2019-02-20 09:27:44 UTC
# seinfo -t virtlogd_t -x 

Types: 1
   type virtlogd_t, domain, daemon;

I can see the type is already in the policy.
Do you want any other action to be done?
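
The thread checks three separate things: the label on the installed binary (ls -lZ), the label the loaded file contexts assign to that path (matchpathcon), and whether the domain type exists in the policy (seinfo -t). The script below is an added example, not code from the bug report or from the policy project; it combines those three results into one diagnosis, and it assumes that a policy label of bin_t on a daemon binary means only the generic rule matched.

```shell
#!/bin/sh
# Added example, not part of the bug thread.

# ctx_type CONTEXT: print the type field of user:role:type[:level].
ctx_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# diagnose DISK_CTX POLICY_CTX DOMAIN_KNOWN
#   DISK_CTX     label on the installed binary (ls -Z or stat -c %C)
#   POLICY_CTX   label the loaded file contexts assign (matchpathcon)
#   DOMAIN_KNOWN "yes" if seinfo -t lists the daemon's domain type
# Prints: no-domain-type | no-file-context | needs-relabel | ok
diagnose() {
    disk=$(ctx_type "$1")
    want=$(ctx_type "$2")
    if [ "$3" != yes ]; then
        echo no-domain-type      # the policy module lacks the domain entirely
    elif [ "$want" = bin_t ]; then
        echo no-file-context     # assumption: only the generic bin_t rule matches
    elif [ "$disk" != "$want" ]; then
        echo needs-relabel       # policy is fine, the on-disk label is stale
    else
        echo ok
    fi
}

# live_check BINARY DOMAIN_TYPE: gather the three inputs on a real system.
live_check() {
    disk=$(stat -c %C "$1") || return 2
    want=$(matchpathcon "$1" | awk '{ print $2 }') || return 2
    if seinfo -t "$2" 2>/dev/null | grep -qw "$2"; then
        known=yes
    else
        known=no
    fi
    diagnose "$disk" "$want" "$known"
}

# Usage on an SELinux system: live_check /usr/sbin/virtlogd virtlogd_t
```

A result of needs-relabel means the policy already carries a dedicated file context and the binary only has to be relabelled; no-file-context means the type can exist in the policy while the daemon binary still carries the generic label.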