SummarySELinux is preventing /usr/lib/virtualbox/VirtualBox from loading /usr/lib/virtualbox/VBoxKeyboard.so which requires text relocation.Detailed DescriptionThe /usr/lib/virtualbox/VirtualBox application attempted to load /usr/lib/virtualbox/VBoxKeyboard.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/virtualbox/VBoxKeyboard.so to use relocation as a workaround, until the library is fixed. Please file a bug report against this package.Allowing AccessIf you trust /usr/lib/virtualbox/VBoxKeyboard.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/lib/virtualbox/VBoxKeyboard.so"The following command will allow this access:chcon -t textrel_shlib_t /usr/lib/virtualbox/VBoxKeyboard.soAdditional InformationSource Context: root:system_r:unconfined_t:SystemLow-SystemHighTarget Context: system_u:object_r:lib_tTarget Objects: /usr/lib/virtualbox/VBoxKeyboard.so [ file ]Affected RPM Packages: VirtualBox-2.0.4_38406_rhel5-1 [application]VirtualBox-2.0.4_38406_rhel5-1 [target]Policy RPM: selinux-policy-2.4.6-104.el5Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: EnforcingPlugin Name: plugins.allow_execmodHost Name: server1 Platform: Linux server1 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686 i686Alert Count: 4Line Numbers: Raw Audit Messages :avc: denied { execmod } for comm="VirtualBox" dev=sda2 egid=0 euid=0 exe="/usr/lib/virtualbox/VirtualBox" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="VBoxKeyboard.so" path="/usr/lib/virtualbox/VBoxKeyboard.so" pid=3818 scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 sgid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 tclass=file tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=0
Best I can guess this bug is related to RHEL-5 - given rhel-5 kernel version in the log there. Re-assigning to correct product + component.
I believe this is fixed in the 5.3 policy selinux-policy-2.4.6-204.el5