Bug 1131651

Summary: SELinux causes virt-manager vm creation to fail
Product: [Fedora] Fedora Reporter: Mairi Dulaney <jdulaney>
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 21CC: agedosier, berrange, clalancette, crobinso, dominick.grift, dwalsh, itamar, jforbes, laine, libvirt-maint, lvrabec, mgrepl, robatino, veillard, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-08-21 16:33:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1043124    

Description Mairi Dulaney 2014-08-19 18:26:50 UTC 
Description of problem:
If selinux is set to enforcing, receive the following when attempting to create a vm in virt-manager:


    Unable to complete install: 'internal error: process exited while connecting to monitor: /usr/bin/qemu-system-x86_64: error while loading shared libraries: librados.so.2: cannot enable executable stack as shared object requires: Permission denied
    '
     
    Traceback (most recent call last):
      File "/usr/share/virt-manager/virtManager/asyncjob.py", line 91, in cb_wrapper
        callback(asyncjob, *args, **kwargs)
      File "/usr/share/virt-manager/virtManager/create.py", line 1787, in do_install
        guest.start_install(meter=meter)
      File "/usr/share/virt-manager/virtinst/guest.py", line 403, in start_install
        noboot)
      File "/usr/share/virt-manager/virtinst/guest.py", line 467, in _create_guest
        dom = self.conn.createLinux(start_xml or final_xml, 0)
      File "/usr/lib64/python2.7/site-packages/libvirt.py", line 3361, in createLinux
        if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
    libvirtError: internal error: process exited while connecting to monitor: /usr/bin/qemu-system-x86_64: error while loading shared libraries: librados.so.2: cannot enable executable stack as shared object requires: Permission denied
     




Version-Release number of selected component (if applicable):
3.13.1-72.fc21

How reproducible:
Always

Steps to Reproduce:
1. Ensure selinux is enforcing
2. Attempt to create a vm using virt-manager

Actual results:
Dies with the above pypuke

Expected results:
vm installs
Profit
Comment 1 Mairi Dulaney 2014-08-19 18:34:31 UTC 
Proposing as a beta blocker bug under the  Self hosting virtualization criteria.
Comment 2 Daniel Walsh 2014-08-19 20:21:45 UTC 
What AVC's are you seeing?

Looks like you need to turn on the virt_use_execmem boolean.

I think we can fix this long term if we just change libvirt to use a different type for containers running with qemu-kvm versus qemu-system
Comment 3 Daniel Walsh 2014-08-19 20:23:02 UTC 
This works the same way in Fedora 20 BTW, so it is not a blocker.
Comment 4 Cole Robinson 2014-08-21 16:33:05 UTC 

*** This bug has been marked as a duplicate of bug 1118504 ***