Anyone else using Open vSwitch on F18?

Ian Pilcher arequipeno at gmail.com
Sun Dec 30 21:17:25 UTC 2012


And getting a ton of SELinux AVCs?

According to https://bugzilla.redhat.com/show_bug.cgi?id=872974#c2,
the openvswitch policy should be in
selinux-policy-targeted-3.11.1-66.fc18.noarch, but I'm seeing a ton of
messages related to kmod, files in /etc/modprobe.d, and a netlink socket.

type=AVC msg=audit(1356894958.32:2022): avc:  denied  { module_request }
for  pid=1584 comm="ovs-vswitchd" kmod="netdev-vnet6"
scontext=system_u:system_r:openvswitch_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system

type=SYSCALL msg=audit(1356894958.32:2022): arch=x86_64 syscall=ioctl
success=no exit=ENODEV a0=10 a1=8913 a2=7fff99c842d0 a3=ffffffff items=0
ppid=1583 pid=1584 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=ovs-vswitchd
exe=2F7573722F7362696E2F6F76732D7673776974636864202864656C6574656429
subj=system_u:system_r:openvswitch_t:s0 key=(null)

type=AVC msg=audit(1356894968.741:2209): avc:  denied  { nlmsg_write }
for  pid=1584 comm="ovs-vswitchd"
scontext=system_u:system_r:openvswitch_t:s0
tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_route_socket

type=SYSCALL msg=audit(1356894968.741:2209): arch=x86_64 syscall=sendmsg
success=yes exit=EBADE a0=25 a1=7fff99c83530 a2=0 a3=200 items=0
ppid=1583 pid=1584 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=ovs-vswitchd
exe=2F7573722F7362696E2F6F76732D7673776974636864202864656C6574656429
subj=system_u:system_r:openvswitch_t:s0 key=(null)

-- 
========================================================================
Ian Pilcher                                         arequipeno at gmail.com
Sometimes there's nothing left to do but crash and burn...or die trying.
========================================================================
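
A triage sketch for the audit records quoted above, added here as an example and not part of the original message: it pairs each AVC with its SYSCALL record by audit serial and decodes the hex-encoded exe= field. The function names are illustrative, and the SYSCALL records are rejoined onto one line and trimmed to the fields used.

```python
import re

# Records taken from the message above, rejoined onto single lines;
# the SYSCALL records are trimmed to the fields this example reads.
SAMPLE = """\
type=AVC msg=audit(1356894958.32:2022): avc:  denied  { module_request } for  pid=1584 comm="ovs-vswitchd" kmod="netdev-vnet6" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=SYSCALL msg=audit(1356894958.32:2022): arch=x86_64 syscall=ioctl success=no exit=ENODEV pid=1584 comm=ovs-vswitchd exe=2F7573722F7362696E2F6F76732D7673776974636864202864656C6574656429 subj=system_u:system_r:openvswitch_t:s0
type=AVC msg=audit(1356894968.741:2209): avc:  denied  { nlmsg_write } for  pid=1584 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1356894968.741:2209): arch=x86_64 syscall=sendmsg success=yes exit=EBADE pid=1584 comm=ovs-vswitchd exe=2F7573722F7362696E2F6F76732D7673776974636864202864656C6574656429 subj=system_u:system_r:openvswitch_t:s0
"""

MSG_RE = re.compile(r"^type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS_RE = re.compile(r"denied\s+\{([^}]*)\}")

def decode_field(value):
    """Decode a string field: auditd quotes plain values and hex-encodes the rest."""
    if value.startswith('"'):
        return value.strip('"')
    if len(value) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", value):
        return bytes.fromhex(value).decode("utf-8", "replace")
    return value

def parse(text):
    """Merge AVC and SYSCALL records that share an audit serial number."""
    events = {}
    for line in text.splitlines():
        m = MSG_RE.match(line)
        if not m:
            continue
        rtype, serial = m.groups()
        fields = dict(KV_RE.findall(line[m.end():]))
        ev = events.setdefault(serial, {})
        if rtype == "AVC":
            ev["perms"] = tuple(PERMS_RE.search(line).group(1).split())
            ev.update({k: fields[k] for k in ("scontext", "tcontext", "tclass")})
        elif rtype == "SYSCALL":
            ev.update(syscall=fields["syscall"], exe=decode_field(fields["exe"]))
    return events

def summarize(events):
    """One row per denial: serial, source type, target type, class, perms, syscall, exe."""
    return [(s, ev["scontext"].split(":")[2], ev["tcontext"].split(":")[2], ev["tclass"],
             ev["perms"], ev.get("syscall"), ev.get("exe"))
            for s, ev in sorted(events.items(), key=lambda kv: int(kv[0]))]

if __name__ == "__main__":
    for row in summarize(parse(SAMPLE)):
        print(row)
```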


