Description of problem: When installing a new virtual machine (Windows XP guest), I see the following SElinux denial Summary: SELinux is preventing qemu-system-x86 (virtd_t) "getsched" to <Unknown> (virtd_t). Detailed Description: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by qemu-system-x86. It is not expected that this access is required by qemu-system-x86 and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context unconfined_u:system_r:virtd_t:s0 Target Context unconfined_u:system_r:virtd_t:s0 Target Objects None [ process ] Source qemu-system-x86 Source Path /usr/bin/qemu-system-x86_64 Port <Unknown> Host clfelspc001.dc.clf.rl.ac.uk Source RPM Packages qemu-0.9.1-5.fc9 Target RPM Packages Policy RPM selinux-policy-3.3.1-64.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name catchall Host Name clfelspc001.dc.clf.rl.ac.uk Platform Linux clfelspc001.dc.clf.rl.ac.uk 2.6.25.4-30.fc9.x86_64 #1 SMP Wed May 21 17:34:18 EDT 2008 x86_64 x86_64 Alert Count 1 First Seen Thu 12 Jun 2008 03:49:02 PM BST Last Seen Thu 12 Jun 2008 03:49:02 PM BST Local ID 82b7ce79-53c0-4c01-a008-85253adeea04 Line Numbers Raw Audit Messages host=clfelspc001.dc.clf.rl.ac.uk type=AVC msg=audit(1213282142.958:2138): avc: denied { getsched } for pid=28649 comm="qemu-system-x86" scontext=unconfined_u:system_r:virtd_t:s0 tcontext=unconfined_u:system_r:virtd_t:s0 tclass=process host=clfelspc001.dc.clf.rl.ac.uk type=SYSCALL msg=audit(1213282142.958:2138): arch=c000003e syscall=143 success=yes exit=0 a0=6fe9 a1=7f36272abae8 a2=7fff2f2ba490 a3=7fff2f2ba080 items=0 ppid=28585 pid=28649 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=268 comm="qemu-system-x86" exe="/usr/bin/qemu-system-x86_64" subj=unconfined_u:system_r:virtd_t:s0 key=(null) # rpm -qa | grep selinux libselinux-2.0.64-2.fc9.x86_64 selinux-policy-targeted-3.3.1-64.fc9.noarch libselinux-python-2.0.64-2.fc9.x86_64 selinux-policy-3.3.1-64.fc9.noarch # rpm -qa | grep virt virt-manager-0.5.4-4.fc9.x86_64 libvirt-python-0.4.2-4.fc9.x86_64 libvirt-0.4.2-4.fc9.x86_64 python-virtinst-0.300.3-7.fc9.noarch # rpm -qa | grep kvm kvm-65-7.fc9.x86_64 # rpm -qa | grep qemu qemu-0.9.1-5.fc9.x86_64 qemu-img-0.9.1-5.fc9.x86_64
Fixed in selinux-policy-3.3.1-67.fc9.noarch
Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed.