Bug 1123325
Summary: | SELinux is preventing /usr/bin/qemu-system-x86_64 from using the execstack access on a process. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ritesh Khadgaray <khadgaray> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | cristian.ciupitu, dominick.grift, dwalsh, lvrabec, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-07-31 14:37:55 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ritesh Khadgaray
2014-07-25 10:17:29 UTC
*** Bug 1123326 has been marked as a duplicate of this bug. *** ***** Plugin catchall_boolean (89.3 confidence) suggests ****************** If you want to allow virt to use execmem Then you must tell SELinux about this by enabling the 'virt_use_execmem' boolean. You can read 'None' man page for more details. Do setsebool -P virt_use_execmem 1 (In reply to Miroslav Grepl from comment #2) > If you want to allow virt to use execmem > Then you must tell SELinux about this by enabling the 'virt_use_execmem' > boolean. It's good there's already a boolean for this, but shouldn't it be turned on by default? I'm not running rawhide, but I do have the libvirt from rawhide on Fedora 20 and I can't start any virtual machines with the default policy. I'm all for secure defaults, but I don't think that a non-working policy is good. Most peopel who run virt do not need this. Most people use qemu-kvm. But I agree that libvirt should choose a different type for qemu-system-x86 then this, which could also solve the problem. I was using libvirt-daemon-kvm-1.2.6-2.fc20.x86_64 with qemu-system-x86-2.1.0-0.5.rc3.fc20.x86_64 and it worked only after turning on virt_use_execmem. |