Should have included this in the first email. Below is the boolean output of getsebool. Note that the qemu_use fields do have permission to access USB, but there is no USB entry for the virt though there is for other virt_fields. I am running the
Looks to me like some migration leftovers from qemu to qemu-kvm. Since I do not have the virt_use_usb selinux field I do need the most recent update that includes this.
I am running:

[root@BRSINC-VC01 EB30750]# uname -a
Linux BRSINC-VC01.Local 2.6.29.5-191.fc11.i586 #1 SMP Tue Jun 16 23:11:39 EDT 2009 i686 athlon i386 GNU/Linux
[root@BRSINC-VC01 EB30750]# getsebool -a
allow_console_login --> off
allow_cvs_read_shadow --> off
allow_daemons_dump_core --> on
allow_daemons_use_tty --> on
allow_domain_fd_use --> on
allow_execheap --> off
allow_execmem --> off
allow_execmod --> off
allow_execstack --> on
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_gssd_read_tmp --> on
allow_guest_exec_content --> off
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
allow_java_execstack --> off
allow_kerberos --> on
allow_mount_anyfile --> on
allow_mplayer_execstack --> off
allow_nfsd_anon_write --> off
allow_nsplugin_execmem --> on
allow_polyinstantiation --> off
allow_postfix_local_write_mail_spool --> on
allow_ptrace --> off
allow_rsync_anon_write --> off
allow_saslauthd_read_shadow --> off
allow_smbd_anon_write --> off
allow_ssh_keysign --> off
allow_staff_exec_content --> on
allow_sysadm_exec_content --> on
allow_unconfined_mmap_low --> off
allow_unconfined_nsplugin_transition --> off
allow_unconfined_qemu_transition --> off
allow_user_exec_content --> on
allow_user_postgresql_connect --> off
allow_write_xshm --> off
allow_xguest_exec_content --> off
allow_xserver_execmem --> on
allow_ypbind --> off
allow_zebra_write_config --> on
cdrecord_read_content --> off
cron_can_relabel --> off
exim_can_connect_db --> off
exim_manage_user_files --> off
exim_read_user_files --> off
fcron_crond --> off
ftp_home_dir --> off
ftpd_connect_db --> off
global_ssp --> off
gpg_agent_env_file --> off
httpd_builtin_scripting --> on
httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_execmem --> off
httpd_ssi_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_nfs --> off
init_upstart --> on
mozilla_read_content --> off
named_write_master_zones --> off
nfs_export_all_ro --> on
nfs_export_all_rw --> on
nsplugin_can_network --> on
openvpn_enable_homedirs --> off
pppd_can_insmod --> off
pppd_for_user --> off
privoxy_connect_any --> off
pulseaudio_network --> off
qemu_full_network --> on
qemu_use_cifs --> on
qemu_use_comm --> off
qemu_use_nfs --> on
qemu_use_usb --> on
read_default_t --> on
rsync_client --> off
rsync_export_all_ro --> off
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> on
samba_share_fusefs --> off
samba_share_nfs --> off
secure_mode --> off
secure_mode_insmod --> off
secure_mode_policyload --> off
sepgsql_enable_users_ddl --> on
spamassassin_can_network --> off
spamd_enable_home_dirs --> on
squid_connect_any --> off
ssh_sysadm_login --> off
tftp_anon_write --> off
unconfined_login --> on
use_lpd_server --> off
use_nfs_home_dirs --> on
use_samba_home_dirs --> off
user_direct_mouse --> off
user_ping --> on
user_rw_noexattrfile --> on
user_tcp_server --> off
user_ttyfile_stat --> off
varnishd_connect_any --> off
virt_manage_sysfs --> off
virt_use_comm --> off
virt_use_nfs --> off
virt_use_samba --> off
webadm_manage_user_files --> off
webadm_read_user_files --> off
xdm_sysadm_login --> off
xen_use_nfs --> off
xguest_connect_network --> on
xguest_mount_media --> on
xguest_use_bluetooth --> on
xserver_object_manager --> off