Bug 479552 - virtbox bug report
virtbox bug report
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.0
i686 Linux
low Severity medium
: rc
: ---
Assigned To: Daniel Walsh
BaseOS QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-01-11 01:41 EST by jagadeeshuow
Modified: 2009-01-26 11:54 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-26 11:54:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description jagadeeshuow 2009-01-11 01:41:52 EST
SummarySELinux is preventing /usr/lib/virtualbox/VirtualBox from loading /usr/lib/virtualbox/VBoxKeyboard.so which requires text relocation.Detailed DescriptionThe /usr/lib/virtualbox/VirtualBox application attempted to load /usr/lib/virtualbox/VBoxKeyboard.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/virtualbox/VBoxKeyboard.so to use relocation as a workaround, until the library is fixed. Please file a bug report against this package.Allowing AccessIf you trust /usr/lib/virtualbox/VBoxKeyboard.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/lib/virtualbox/VBoxKeyboard.so"The following command will allow this access:chcon -t textrel_shlib_t /usr/lib/virtualbox/VBoxKeyboard.soAdditional InformationSource Context:  root:system_r:unconfined_t:SystemLow-SystemHighTarget Context:  system_u:object_r:lib_tTarget Objects:  /usr/lib/virtualbox/VBoxKeyboard.so [ file ]Affected RPM Packages:  VirtualBox-2.0.4_38406_rhel5-1 [application]VirtualBox-2.0.4_38406_rhel5-1 [target]Policy RPM:  selinux-policy-2.4.6-104.el5Selinux Enabled:  TruePolicy Type:  targetedMLS Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  plugins.allow_execmodHost Name:  server1
Platform:  Linux server1 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686 i686Alert Count:  4Line Numbers:   Raw Audit Messages :avc: denied { execmod } for comm="VirtualBox" dev=sda2 egid=0 euid=0 exe="/usr/lib/virtualbox/VirtualBox" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="VBoxKeyboard.so" path="/usr/lib/virtualbox/VBoxKeyboard.so" pid=3818 scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 sgid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 tclass=file tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=0
Comment 1 Daniel Berrange 2009-01-22 08:03:17 EST
Best I can guess this bug is related to RHEL-5 - given rhel-5 kernel version in the log there. Re-assigning to correct product + component.
Comment 2 Daniel Walsh 2009-01-26 11:54:28 EST
I believe this is fixed in the 5.3 policy
selinux-policy-2.4.6-204.el5

Note You need to log in before you can comment on or make changes to this bug.