[refpolicy] [PATCH 5/6] Adding dontaudit for qemu
Sven Vermeulen
sven.vermeulen at siphos.be
Sat Apr 21 11:12:32 CDT 2012
On Fri, Apr 20, 2012 at 10:12 PM, Christopher J. PeBenito
<cpebenito at tresys.com> wrote:
>> +dontaudit qemu_t self:socket create;
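Review bot: the added `dontaudit qemu_t self:socket create;` line targets the generic `socket` class, which is the fallback for address families that have no dedicated object class, so it would also hide any later, unrelated socket creation attempt by qemu_t. Add a comment above the rule naming the trigger (the message ties it to qemu's "-net vde,vlan=0" option), and consider holding the rule until the socket family is known and a specific class can be used instead.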
>
> I'm more interested in finding out what kind of socket this is, so we can create an appropriate object class.
Ok, trying to figure that out now. No luck with just querying though:
Apr 21 17:53:04 hpl kernel: [90637.251881] type=1400 audit(1335023584.573:457): avc: granted { create } for pid=28083 comm="qemu-system-x86" scontext=staff_u:sysadm_r:qemu_t tcontext=staff_u:sysadm_r:qemu_t tclass=socket
Doesn't give much. An lsof shows:
# lsof -p 28083
qemu-syst 28083 swift 8u unix 0x0000000000000000 0t0 80203 socket
qemu-syst 28083 swift 9u unix 0x0000000000000000 0t0 80204 /tmp/vde.28083-00003
but I don't know how to find out more about this socket. It is related
to qemu's VDE networking virtualization (if I drop the "-net
vde,vlan=0" I don't get the attempt to create a socket) but doesn't
seem to be necessary.
/tmp/vde.28083-00003 is of type vde_tmp_t (cfr. patch/RFC regarding
VDE support sent a while ago)
If anyone knows of a good resource that I can read on debugging
sockets, I'd love to hear about it.
Wkr,
Sven Vermeulen
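
Added example (not part of the original message and not refpolicy code): a small Python parser for the AVC record quoted above that tolerates the mail-client line wrapping and lists what a policy reviewer would check before accepting a rule for it. The function names parse_avc and triage are hypothetical.

```python
import re

# AVC record copied from the message above (rejoined onto one line).
SAMPLE = ('Apr 21 17:53:04 hpl kernel: [90637.251881] type=1400 '
          'audit(1335023584.573:457): avc: granted { create } for pid=28083 '
          'comm="qemu-system-x86" scontext=staff_u:sysadm_r:qemu_t '
          'tcontext=staff_u:sysadm_r:qemu_t tclass=socket')

AVC_RE = re.compile(
    r'audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+'
    r'(?P<result>granted|denied)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(text):
    """Return the fields of one AVC record, or None if the text is not one.

    Whitespace is collapsed first so a record wrapped by a mail client or
    log viewer still parses.
    """
    m = AVC_RE.search(' '.join(text.split()))
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec.update(result=m.group('result'), perms=m.group('perms').split(),
               serial=int(m.group('serial')))
    return rec


def triage(rec):
    """Notes a policy reviewer would want before writing a rule for this record."""
    notes = []
    if rec['tclass'] == 'socket':
        notes.append('generic socket class: address family not identified')
    if rec['scontext'] == rec['tcontext']:
        notes.append('self rule: the domain acts on its own object')
    if rec['result'] == 'granted':
        notes.append('granted: allowed and audited (auditallow), not a denial')
    return notes


if __name__ == '__main__':
    record = parse_avc(SAMPLE)
    print(record)
    for note in triage(record):
        print('-', note)
```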