| Summary: | sVirt allows PROT_EXEC mappings | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Jiri Denemark <jdenemar> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.2 | CC: | acathrow, ajia, dallan, dwalsh, dyuan, gsun, juzhang, knoel, mmalik, mzhan, rwu |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | 750284 | Environment: | |
| Last Closed: | 2012-10-15 18:27:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | | | |
| Bug Blocks: | 750284 | | |

Comment 2
Miroslav Grepl
2011-12-09 12:11:01 UTC
(In reply to comment #2)
> Jiri,
> how are you planning to set a context?

Oops, sorry for such a late reply. Libvirt already sets the context using setexeccon() just before exec()ing the qemu-kvm binary. However, currently we use the context we get from reading selinux_virtual_domain_context_path() and we'd probably need a similar thing for the new context to avoid hardcoding it in libvirt itself.

Since RHEL 6.3 External Beta has begun, and this bug remains unresolved, it has been rejected as it is not proposed as exception or blocker. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.