Bug 434743 - SELinux policy prevents execution of qemu tools
SELinux policy prevents execution of qemu tools
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-25 03:02 EST by Michel Alexandre Salim
Modified: 2008-02-27 23:03 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-27 23:03:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michel Alexandre Salim 2008-02-25 03:02:20 EST
Description of problem:
qemu binaries are all labeled system_u:object_r:qemu_exec_t:s0 -- including
qemu-img. Since qemu is considered a daemon, all binaries fall under the default
allow_daemons_use_tty=0 setting, which means:

- tools cannot display help message (try qemu -h, qemu-img -h)
- tools such as qemu-img, which need to print messages to the user, cannot run

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.3.0-1.fc9.noarch

How reproducible:
Always

Steps to Reproduce:
1. yum install qemu
2. qemu-img -h
  
Actual results:
"SELinux prevented qemu from using terminal 1"

Expected results:
Should work

Additional info:
Comment 1 Daniel Walsh 2008-02-26 10:04:45 EST
Fixed in selinux-policy-3.3.1-2.fc9

I will only label qemu and qemu-kvm as qemu_exec_t.

If you chcon -t bin_t /usr/bin/qemu-img it should fix your problem
Comment 2 Michel Alexandre Salim 2008-02-27 23:03:19 EST
Downloaded 3.3.1-5 from Koji and that works, thanks.

Note You need to log in before you can comment on or make changes to this bug.