Created attachment 325043 [details] Whole troubleshooting tool alert dumped Description of problem: SELinux block launch of VirtualBox with message in SELinux troubleshooting tool SELinux dienies VirtualBox (unconfined_t) "execmod" to /usr/lib/virtualbox/VirtualBox.so (lib_t). Suggested attempt to relabel the file causes another SElinux denial SELinux denies restorecon (setfiles_t) "read write" do unconfined_t. Turning the "allow_execmod" on doesn't help also Version-Release number of selected component (if applicable): VirtualBox-2.0.6_39765_fedora9-1.i386.rpm selinux-policy-3.5.13-18.fc10.noarch libselinux-2.0.73-1.fc10.i386 How reproducible: 100% Steps to Reproduce: Install VirtualBox-2.0.6_39765_fedora9-1.i386.rpm and try to start the application Actual results: VirtualBox manager won't start Expected results: VirtualBox should appear and alow me to turn my virtual machine on. Additional info:
The read/write problem is a leaked file descriptor. Are you using konsole? Does chcon -t testrel_shlib_t /usr/lib/virtualbox/*.so Fix the problem? Please attach the execmod avc?
Also please report this as a bug to virtualbox since they are building their libraries incorrectly. Attach a link to: http://people.redhat.com/~drepper/selinux-mem.html
Here's raw audit message: node=localhost.localdomain type=AVC msg=audit(1228346126.832:54): avc: denied { execmod } for pid=3546 comm="VirtualBox" path="/usr/lib/virtualbox/VirtualBox.so" dev=sda2 ino=132980 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file node=localhost.localdomain type=SYSCALL msg=audit(1228346126.832:54): arch=40000003 syscall=125 success=no exit=-13 a0=9c1000 a1=309000 a2=5 a3=bf80b200 items=0 ppid=3025 pid=3546 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="VirtualBox" exe="/usr/lib/virtualbox/VirtualBox" subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null) ______________________________________________________________________________ I can't change SELinux context Execututing "chcon -t testrel_shlib_t /usr/lib/virtualbox/*.so" as root gives "chcon: unable to change context `/usr/lib/virtualbox/VRDPAuth.so' to `system_u:object_r:testrel_shlib_t:s0': Wrong argument" and another SELinux alert: "SELinux deny chcon (unconfined_t) "mac_admin" to unconfined_t. Update to selinux-policy-3.5.13-26.fc10.noarch doesn't help. The same app under Fedora 9 works just fine.
Typo # chcon -t textrel_shlib_t /usr/lib/virtualbox/*.so Fixed in selinux-policy-3.5.13-31.fc10.noarch
HI, It works great now thanks.