<div dir="ltr">Hi,<div><br></div><div>I found the messages below in the audit log:</div><div><br></div><div><div>[root@gfs1 ~]# grep &quot;avc&quot; /var/log/audit/audit.log</div><div>type=AVC msg=audit(1403834461.442:266685): avc:  denied  { read } for  pid=27958 comm=&quot;logrotate&quot; name=&quot;core&quot; dev=dm-0 ino=789758 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_cache_t:s0 tclass=dir</div>
<div>type=AVC msg=audit(1403835901.532:266865): avc:  denied  { read } for  pid=29746 comm=&quot;xz&quot; name=&quot;online&quot; dev=sysfs ino=23 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysfs_t:s0 tclass=file</div>
<div>type=AVC msg=audit(1403836508.226:266868): avc:  denied  { signal } for  pid=3537 comm=&quot;sanlock-helper&quot; scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:virtd_t:s0-s0:c0.c1023 tclass=process</div>
<div>type=AVC msg=audit(1403838061.918:266965): avc:  denied  { read } for  pid=32528 comm=&quot;logrotate&quot; name=&quot;core&quot; dev=dm-0 ino=789758 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_cache_t:s0 tclass=dir</div>
<div>type=AVC msg=audit(1403841661.051:267604): avc:  denied  { read } for  pid=3256 comm=&quot;logrotate&quot; name=&quot;core&quot; dev=dm-0 ino=789758 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_cache_t:s0 tclass=dir</div>
<div>type=AVC msg=audit(1403841661.053:267605): avc:  denied  { read } for  pid=3257 comm=&quot;xz&quot; name=&quot;online&quot; dev=sysfs ino=23 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysfs_t:s0 tclass=file</div>
<div>type=AVC msg=audit(1403845261.394:271326): avc:  denied  { read } for  pid=6791 comm=&quot;logrotate&quot; name=&quot;core&quot; dev=dm-0 ino=789758 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_cache_t:s0 tclass=dir</div>
<div>type=AVC msg=audit(1403848861.538:271797): avc:  denied  { read } for  pid=9269 comm=&quot;logrotate&quot; name=&quot;core&quot; dev=dm-0 ino=789758 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_cache_t:s0 tclass=dir</div>
<div>type=AVC msg=audit(1403852461.654:272828): avc:  denied  { read } for  pid=12222 comm=&quot;logrotate&quot; name=&quot;core&quot; dev=dm-0 ino=789758 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_cache_t:s0 tclass=dir</div>
<div>type=AVC msg=audit(1403852998.237:272831): avc:  denied  { signal } for  pid=3537 comm=&quot;sanlock-helper&quot; scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:virtd_t:s0-s0:c0.c1023 tclass=process</div>
<div>type=AVC msg=audit(1403856061.898:273118): avc:  denied  { read } for  pid=16215 comm=&quot;logrotate&quot; name=&quot;core&quot; dev=dm-0 ino=789758 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_cache_t:s0 tclass=dir</div>
<div>type=AVC msg=audit(1403859661.098:273934): avc:  denied  { read } for  pid=19991 comm=&quot;logrotate&quot; name=&quot;core&quot; dev=dm-0 ino=789758 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_cache_t:s0 tclass=dir</div>
<div>type=AVC msg=audit(1403863261.394:276053): avc:  denied  { read } for  pid=24345 comm=&quot;logrotate&quot; name=&quot;core&quot; dev=dm-0 ino=789758 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_cache_t:s0 tclass=dir</div>
<div>[root@gfs1 ~]#</div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jun 27, 2014 at 5:35 PM, Sven Kieske <span dir="ltr">&lt;<a href="mailto:S.Kieske@mittwald.de" target="_blank">S.Kieske@mittwald.de</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Well I doubt this is a solution to this,<br>
anyway, if you want to check if it&#39;s a permission error<br>
due to not correctly configured selinux you<br>
could do:<br>
<br>
grep &quot;avc&quot; /var/log/auditd/auditd.log<br>
<br>
and configure your selinux correctly, no need to disable it.<br>
<br>
But I doubt that the &quot;VM can spoof the ip address&quot;<br>
<br>
you can configure it, sure, but you should not be able<br>
to access anything outside of the vm.<br>
<br>
another way to set this up, is, to configure the filter<br>
vdsm-no-mac-spoofing for each vm<br>
and to configure your network to not allow any other ip-packages<br>
from the given mac, and assign well known macs to each vm.<br>
you can also add vlans and proper subnetting to the mix to make<br>
it more secure.<br>
<br>
On 27.06.2014 11:16, Antoni Segura Puimedon wrote:<br>
<div class="im HOEnZb">&gt; Did you try to disable SELinux with &quot;setenforce 0&quot; to see if the problem is<br>
&gt; one of secure contexts?<br>
<br>
</div><div class="HOEnZb"><div class="h5">--<br>
Kind regards / Regards<br>
<br>
Sven Kieske<br>
<br>
System administrator<br>
Mittwald CM Service GmbH &amp; Co. KG<br>
Königsberger Straße 6<br>
32339 Espelkamp<br>
T: +49-5772-293-100<br>
F: +49-5772-293-333<br>
<a href="https://www.mittwald.de" target="_blank">https://www.mittwald.de</a><br>
Managing director: Robert Meyer<br>
Tax no.: 331/5721/1033, VAT ID: DE814773217, HRA 6640, AG Bad Oeynhausen<br>
General partner: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen</div></div></blockquote></div><br></div>
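<div><br></div><div>As an added example (not code from this thread, from oVirt or from vdsm), the Python script below does what the reply's grep step leads to: it parses AVC records of the exact form quoted above, groups the denials by source type, target type, object class and permission, and prints each group in the allow-rule shape audit2allow emits, so each denial can be reviewed and addressed in policy rather than SELinux being switched off. The embedded sample log is constructed from five of the quoted records (terminal wrapping removed) plus one made-up non-AVC record that the parser must skip; the function names are the example's own.</div>

```python
"""Summarise SELinux AVC denials from an audit.log for review.
Added example; not code from the mailing-list thread or from oVirt/vdsm."""
import re
from collections import defaultdict

# Constructed sample input: five AVC records quoted in the mail above (wrapping
# removed) plus one made-up USER_AUTH record that is not an AVC and must be skipped.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1403834461.442:266685): avc:  denied  { read } for  pid=27958 comm="logrotate" name="core" dev=dm-0 ino=789758 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_cache_t:s0 tclass=dir
type=AVC msg=audit(1403835901.532:266865): avc:  denied  { read } for  pid=29746 comm="xz" name="online" dev=sysfs ino=23 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
type=AVC msg=audit(1403836508.226:266868): avc:  denied  { signal } for  pid=3537 comm="sanlock-helper" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:virtd_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1403838061.918:266965): avc:  denied  { read } for  pid=32528 comm="logrotate" name="core" dev=dm-0 ino=789758 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_cache_t:s0 tclass=dir
type=AVC msg=audit(1403852998.237:272831): avc:  denied  { signal } for  pid=3537 comm="sanlock-helper" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:virtd_t:s0-s0:c0.c1023 tclass=process
type=USER_AUTH msg=audit(1403834400.000:266000): pid=1 uid=0 auid=0 msg='op=PAM:authentication acct="root" res=success'
"""

# "type=AVC msg=audit(<ts>:<serial>): avc:  denied  { perm ... } for  key=value ..."
AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)$'
)
# key=value pairs; values are either double-quoted or a bare token
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type component of a user:role:type[:range] context."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError(f'malformed SELinux context: {context!r}')
    return parts[2]


def parse_avc(line):
    """Parse one AVC record into a dict; return None for any other record type."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    return {
        'timestamp': float(m.group('ts')),
        'serial': int(m.group('serial')),
        'result': m.group('result'),
        'perms': m.group('perms').split(),   # one record may carry several permissions
        'pid': int(fields['pid']) if 'pid' in fields else None,
        'comm': fields.get('comm'),
        'name': fields.get('name'),
        'source_type': selinux_type(fields['scontext']),
        'target_type': selinux_type(fields['tcontext']),
        'tclass': fields['tclass'],
    }


def summarize_denials(audit_text):
    """Group denials by (source type, target type, class, permission).

    Returns a list of dicts sorted by count (descending), then by key."""
    groups = defaultdict(lambda: {'count': 0, 'comms': set(),
                                  'first_seen': None, 'last_seen': None})
    for line in audit_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec['result'] != 'denied':
            continue
        for perm in rec['perms']:
            g = groups[(rec['source_type'], rec['target_type'], rec['tclass'], perm)]
            g['count'] += 1
            if rec['comm']:
                g['comms'].add(rec['comm'])
            ts = rec['timestamp']
            g['first_seen'] = ts if g['first_seen'] is None else min(g['first_seen'], ts)
            g['last_seen'] = ts if g['last_seen'] is None else max(g['last_seen'], ts)
    summary = []
    for key, g in sorted(groups.items(), key=lambda kv: (-kv[1]['count'], kv[0])):
        source_type, target_type, tclass, perm = key
        summary.append({'source_type': source_type, 'target_type': target_type,
                        'tclass': tclass, 'perm': perm, 'count': g['count'],
                        'comms': sorted(g['comms']),
                        'first_seen': g['first_seen'], 'last_seen': g['last_seen']})
    return summary


def render_report(summary):
    """Render each group as a candidate allow rule (the shape audit2allow emits) for review."""
    return '\n'.join(
        f"allow {s['source_type']} {s['target_type']}:{s['tclass']} {s['perm']};"
        f"  # {s['count']} denial(s), comm={','.join(s['comms']) or '?'}"
        for s in summary)


if __name__ == '__main__':
    print(render_report(summarize_denials(SAMPLE_AUDIT_LOG)))
```

<div>The printed rules are candidates to review, not a policy to install: a logrotate_t denial on a virt_cache_t directory, for instance, may mean the directory is mislabelled (fixed with restorecon) rather than that logrotate should be allowed into it. On the host itself, audit2allow -a and sealert -a /var/log/audit/audit.log produce the same grouping with policy-aware advice; running the script over the real log (for example via sys.stdin) is only useful where those tools are not installed.</div>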