Bug 434743

Summary: SELinux policy prevents execution of qemu tools
Product: [Fedora] Fedora Reporter: Michel Lind <michel>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: low    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-28 04:03:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michel Lind 2008-02-25 08:02:20 UTC 
Description of problem:
qemu binaries are all labeled system_u:object_r:qemu_exec_t:s0 -- including
qemu-img. Since qemu is considered a daemon, all binaries fall under the default
allow_daemons_use_tty=0 setting, which means:

- tools cannot display help message (try qemu -h, qemu-img -h)
- tools such as qemu-img, which need to print messages to the user, cannot run

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.3.0-1.fc9.noarch

How reproducible:
Always

Steps to Reproduce:
1. yum install qemu
2. qemu-img -h
  
Actual results:
"SELinux prevented qemu from using terminal 1"

Expected results:
Should work

Additional info:
Comment 1 Daniel Walsh 2008-02-26 15:04:45 UTC 
Fixed in selinux-policy-3.3.1-2.fc9

I will only label qemu and qemu-kvm as qemu_exec_t.

If you chcon -t bin_t /usr/bin/qemu-img it should fix your problem
Comment 2 Michel Lind 2008-02-28 04:03:19 UTC 
Downloaded 3.3.1-5 from Koji and that works, thanks.