[fedora-virt] Addendum to USB issues

Paul Lambert eb30750 at gmail.com
Sat Jul 11 20:42:41 UTC 2009 

Should have included this in the first Email.  Below is the boolean
output of getsebool.  Note that the qemu_use fields do have permission
to access USB but there is no USB entry for the virt though there is
for other virt_fields.  I am running the

Looks to me some migration leftovers from qemu to qemu-kvm.  Since I
do not have the virt_use_usb selinux field I do need the most recent
update that includes this.

I am running:
[root at BRSINC-VC01 EB30750]# uname -a
Linux BRSINC-VC01.Local 2.6.29.5-191.fc11.i586 #1 SMP Tue Jun 16
23:11:39 EDT 2009 i686 athlon i386 GNU/Linux


[root at BRSINC-VC01 EB30750]# getsebool -a
allow_console_login --> off
allow_cvs_read_shadow --> off
allow_daemons_dump_core --> on
allow_daemons_use_tty --> on
allow_domain_fd_use --> on
allow_execheap --> off
allow_execmem --> off
allow_execmod --> off
allow_execstack --> on
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_gssd_read_tmp --> on
allow_guest_exec_content --> off
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
allow_java_execstack --> off
allow_kerberos --> on
allow_mount_anyfile --> on
allow_mplayer_execstack --> off
allow_nfsd_anon_write --> off
allow_nsplugin_execmem --> on
allow_polyinstantiation --> off
allow_postfix_local_write_mail_spool --> on
allow_ptrace --> off
allow_rsync_anon_write --> off
allow_saslauthd_read_shadow --> off
allow_smbd_anon_write --> off
allow_ssh_keysign --> off
allow_staff_exec_content --> on
allow_sysadm_exec_content --> on
allow_unconfined_mmap_low --> off
allow_unconfined_nsplugin_transition --> off
allow_unconfined_qemu_transition --> off
allow_user_exec_content --> on
allow_user_postgresql_connect --> off
allow_write_xshm --> off
allow_xguest_exec_content --> off
allow_xserver_execmem --> on
allow_ypbind --> off
allow_zebra_write_config --> on
cdrecord_read_content --> off
cron_can_relabel --> off
exim_can_connect_db --> off
exim_manage_user_files --> off
exim_read_user_files --> off
fcron_crond --> off
ftp_home_dir --> off
ftpd_connect_db --> off
global_ssp --> off
gpg_agent_env_file --> off
httpd_builtin_scripting --> on
httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_execmem --> off
httpd_ssi_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_nfs --> off
init_upstart --> on
mozilla_read_content --> off
named_write_master_zones --> off
nfs_export_all_ro --> on
nfs_export_all_rw --> on
nsplugin_can_network --> on
openvpn_enable_homedirs --> off
pppd_can_insmod --> off
pppd_for_user --> off
privoxy_connect_any --> off
pulseaudio_network --> off
qemu_full_network --> on
qemu_use_cifs --> on
qemu_use_comm --> off
qemu_use_nfs --> on
qemu_use_usb --> on
read_default_t --> on
rsync_client --> off
rsync_export_all_ro --> off
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> on
samba_share_fusefs --> off
samba_share_nfs --> off
secure_mode --> off
secure_mode_insmod --> off
secure_mode_policyload --> off
sepgsql_enable_users_ddl --> on
spamassassin_can_network --> off
spamd_enable_home_dirs --> on
squid_connect_any --> off
ssh_sysadm_login --> off
tftp_anon_write --> off
unconfined_login --> on
use_lpd_server --> off
use_nfs_home_dirs --> on
use_samba_home_dirs --> off
user_direct_mouse --> off
user_ping --> on
user_rw_noexattrfile --> on
user_tcp_server --> off
user_ttyfile_stat --> off
varnishd_connect_any --> off
virt_manage_sysfs --> off
virt_use_comm --> off
virt_use_nfs --> off
virt_use_samba --> off
webadm_manage_user_files --> off
webadm_read_user_files --> off
xdm_sysadm_login --> off
xen_use_nfs --> off
xguest_connect_network --> on
xguest_mount_media --> on
xguest_use_bluetooth --> on
xserver_object_manager --> off

More information about the virt mailing list