[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] XSM: new set of "avc denied"

I had a look at Osstest's latest xen-unstable run [0]. With Ian's patch
series we finally passed the point of guest creation on x86.

We now have a new set of "avc denied".

May 24 20:18:05.945118 (XEN) avc:  denied  { get_vnumainfo } for domid=1 
scontext=system_u:system_r:domU_t tcontext=system_u:system_r:domU_t_self 
tclass=domain2

This is HVM loader trying to call get_vnumainfo

May 24 20:28:50.593013 (XEN) avc:  denied  { logdirty } for domid=0 target=3 
scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t 
tclass=shadow
May 24 20:29:20.721085 (XEN) avc:  denied  { disable } for domid=0 target=3 
scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t 
tclass=shadow
May 24 20:29:20.737023 (XEN) avc:  denied  { disable } for domid=0 target=3 
scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t 
tclass=shadow

The above failures made guest local migration test fail for both PV and HVM
guests.

May 24 14:36:47.541016 (XEN) avc:  denied  { writeconsole } for domid=1 
scontext=system_u:system_r:domU_t tcontext=system_u:system_r:xen_t tclass=xen

This is PV specific, I think it was due to PV guest was configured to write to
console and XSM (rightfully?) rejected that. My guess is that HVM is not
configured to write to console so I don't see that in HVM test cases.

Wei.

[0] http://logs.test-lab.xenproject.org/osstest/logs/57005/

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.