From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat, 21 Apr 2012 18:12:32 +0200
Subject: [refpolicy] [PATCH 5/6] Adding dontaudit for qemu
In-Reply-To: <4F91C329.1000909@tresys.com>
References: <20120322200229.GA3387@siphos.be> <20120322200931.GF3387@siphos.be> <4F91C329.1000909@tresys.com>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, Apr 20, 2012 at 10:12 PM, Christopher J. PeBenito wrote:
>> +dontaudit qemu_t self:socket create;
>
> I'm more interested in finding out what kind of socket this is, so we can create an appropriate object class.

Ok, trying to figure that out now. No luck with just querying though:

Apr 21 17:53:04 hpl kernel: [90637.251881] type=1400 audit(1335023584.573:457): avc: granted { create } for pid=28083 comm="qemu-system-x86" scontext=staff_u:sysadm_r:qemu_t tcontext=staff_u:sysadm_r:qemu_t tclass=socket

Doesn't give much. An lsof shows:

# lsof -p 28083
qemu-syst 28083 swift    8u  unix 0x0000000000000000      0t0    80203 socket
qemu-syst 28083 swift    9u  unix 0x0000000000000000      0t0    80204 /tmp/vde.28083-00003

but I don't know how to find out more about this socket. It is related to qemu's VDE networking virtualization (if I drop the "-net vde,vlan=0" I don't get the attempt to create a socket) but doesn't seem to be necessary.

/tmp/vde.28083-00003 is of type vde_tmp_t (cfr. patch/RFC regarding VDE support sent a while ago).

If anyone knows of a good resource that I can read on debugging sockets, I'd love to hear about it.

Wkr,
	Sven Vermeulen
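Review bot: the quoted "+dontaudit qemu_t self:socket create;" silences the only message that shows qemu trying to create this socket, and the message text itself says the socket's kind is still unknown and that it "doesn't seem to be necessary". Hold the dontaudit back until the socket has been identified (PeBenito's request) and either a rule on the specific object class is written or it is confirmed that qemu never actually uses the socket; a dontaudit on the generic socket class would otherwise hide that information for good.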
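As an added illustration (not part of Sven's message and not refpolicy code), one way to get further than lsof: resolve each socket fd of the pid through /proc/<pid>/fd to its inode, then look that inode up in the /proc/net tables, which carry the address family and, for AF_UNIX, the socket type and bound path. The POSIX sh script below does that; the column positions are the documented /proc/net layouts, the sample table it runs against when given no pid is constructed here (only the inode numbers and the path are taken from the lsof output above; the type, flags and state columns are invented), and the file name sockdebug.sh is an assumption.

```shell
#!/bin/sh
# Added example, not code from the refpolicy thread: answer "what kind of
# socket is this?" for a process that trips an AVC with tclass=socket.
# Map each socket fd of the pid to its inode via /proc/<pid>/fd, then look
# the inode up in the /proc/net tables (documented Linux procfs layouts).

# Print "fd inode" for every socket file descriptor of the given pid.
socket_inodes_for_pid() {
    for fd in /proc/"$1"/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue
        case $target in
            'socket:['*']')
                ino=${target#socket:\[}
                printf '%s %s\n' "${fd##*/}" "${ino%\]}"
                ;;
        esac
    done
}

# Name the hex Type column of /proc/net/unix.
unix_type_name() {
    case $1 in
        0001) echo SOCK_STREAM ;;
        0002) echo SOCK_DGRAM ;;
        0005) echo SOCK_SEQPACKET ;;
        *)    echo "type=$1" ;;
    esac
}

# inode_in_table INODE COL FILE: true if column COL equals INODE on a data line.
inode_in_table() {
    [ -r "$3" ] && awk -v ino="$1" -v col="$2" \
        'NR > 1 && $col == ino { found = 1 } END { exit !found }' "$3"
}

# classify_inode INODE [PROCNET_DIR]
# Print "<family> <details>" for a socket inode; print "unknown" and return 1
# if no table lists it (a family without a /proc/net table, or a closed socket).
classify_inode() {
    ino=$1
    procnet=${2:-/proc/net}
    # unix: Num RefCount Protocol Flags Type St Inode Path
    if [ -r "$procnet/unix" ]; then
        hit=$(awk -v ino="$ino" 'NR > 1 && $7 == ino { print $5, $8 }' "$procnet/unix")
        if [ -n "$hit" ]; then
            set -- $hit
            printf 'AF_UNIX %s %s\n' "$(unix_type_name "$1")" "${2:-(unnamed)}"
            return 0
        fi
    fi
    # tcp/udp/raw and their v6 tables: inode is column 10
    for tbl in tcp tcp6 udp udp6 raw raw6; do
        if inode_in_table "$ino" 10 "$procnet/$tbl"; then
            case $tbl in *6) fam=AF_INET6 ;; *) fam=AF_INET ;; esac
            printf '%s %s\n' "$fam" "$tbl"
            return 0
        fi
    done
    # netlink: sk Eth Pid Groups Rmem Wmem Dump Locks Drops Inode
    inode_in_table "$ino" 10 "$procnet/netlink" && { echo AF_NETLINK; return 0; }
    # packet: sk RefCnt Type Proto Iface R Rmem User Inode
    inode_in_table "$ino" 9 "$procnet/packet" && { echo AF_PACKET; return 0; }
    echo unknown
    return 1
}

# Write constructed /proc/net tables into DIR for offline demonstration.
# Inode numbers and the path follow the lsof output in the message above;
# the type, flags and state columns are invented.
make_sample_procnet() {
    mkdir -p "$1"
    cat > "$1/unix" <<'EOF'
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 80203
0000000000000000: 00000002 00000000 00000000 0002 01 80204 /tmp/vde.28083-00003
EOF
    cat > "$1/tcp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 80300 1 0000000000000000 100 0 0 10 0
EOF
}

if [ $# -gt 0 ]; then
    # Live use: sh sockdebug.sh <pid>  (needs read access to /proc/<pid>/fd)
    socket_inodes_for_pid "$1" | while read -r fd ino; do
        printf 'fd %s inode %s -> ' "$fd" "$ino"
        classify_inode "$ino" || true
    done
else
    d=$(mktemp -d)
    make_sample_procnet "$d"
    for ino in 80203 80204 80300; do
        printf 'inode %s -> ' "$ino"
        classify_inode "$ino" "$d" || true
    done
    rm -rf "$d"
fi
```

Two caveats for using this on a real qemu. The /proc/net tables (and lsof, and `ss -xp`, which lists unix sockets together with their owning process) only show sockets that are still open; a socket() that is created and closed again right away never appears there, and the direct way to see the family, type and protocol arguments is `strace -f -e trace=socket -p <pid>`, or starting qemu under strace. And `tclass=socket` is the kernel's fallback object class for address families that have no dedicated SELinux class, so the AVC record itself cannot name the family; that is why the lookup has to go through /proc or strace rather than the audit log.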