Bug 473500
| Summary: | SELinux dienies VirtualBox (unconfined_t) "execmod" to /usr/lib/virtualbox/VirtualBox.so (lib_t). | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Stan Trzmiel <xeno> | ||||
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 10 | CC: | dwalsh, jkubin, mgrepl, robatino | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2008-12-16 15:08:07 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
The read/write problem is a leaked file descriptor. Are you using konsole? Does chcon -t testrel_shlib_t /usr/lib/virtualbox/*.so Fix the problem? Please attach the execmod avc? Also please report this as a bug to virtualbox since they are building their libraries incorrectly. Attach a link to: http://people.redhat.com/~drepper/selinux-mem.html Here's raw audit message:
node=localhost.localdomain type=AVC msg=audit(1228346126.832:54): avc: denied { execmod } for pid=3546 comm="VirtualBox" path="/usr/lib/virtualbox/VirtualBox.so" dev=sda2 ino=132980 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file node=localhost.localdomain type=SYSCALL msg=audit(1228346126.832:54): arch=40000003 syscall=125 success=no exit=-13 a0=9c1000 a1=309000 a2=5 a3=bf80b200 items=0 ppid=3025 pid=3546 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="VirtualBox" exe="/usr/lib/virtualbox/VirtualBox" subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
______________________________________________________________________________
I can't change SELinux context
Execututing "chcon -t testrel_shlib_t /usr/lib/virtualbox/*.so" as root gives "chcon: unable to change context `/usr/lib/virtualbox/VRDPAuth.so' to `system_u:object_r:testrel_shlib_t:s0': Wrong argument" and another SELinux alert: "SELinux deny chcon (unconfined_t) "mac_admin" to unconfined_t.
Update to selinux-policy-3.5.13-26.fc10.noarch doesn't help. The same app under Fedora 9 works just fine.
Typo # chcon -t textrel_shlib_t /usr/lib/virtualbox/*.so Fixed in selinux-policy-3.5.13-31.fc10.noarch HI, It works great now thanks. |
Created attachment 325043 [details] Whole troubleshooting tool alert dumped Description of problem: SELinux block launch of VirtualBox with message in SELinux troubleshooting tool SELinux dienies VirtualBox (unconfined_t) "execmod" to /usr/lib/virtualbox/VirtualBox.so (lib_t). Suggested attempt to relabel the file causes another SElinux denial SELinux denies restorecon (setfiles_t) "read write" do unconfined_t. Turning the "allow_execmod" on doesn't help also Version-Release number of selected component (if applicable): VirtualBox-2.0.6_39765_fedora9-1.i386.rpm selinux-policy-3.5.13-18.fc10.noarch libselinux-2.0.73-1.fc10.i386 How reproducible: 100% Steps to Reproduce: Install VirtualBox-2.0.6_39765_fedora9-1.i386.rpm and try to start the application Actual results: VirtualBox manager won't start Expected results: VirtualBox should appear and alow me to turn my virtual machine on. Additional info: