Description of problem: The current SELinux policy is only labelling the i386 emulator (/usr/bin/qemu) and the KVM accelerator (/usr/bin/qemu-kvm). None of the other architecture emulators (/usr/bin/qemu-system-XXXXX) are being labelled # semanage fcontext -l | grep /usr/bin/qemu /usr/bin/qemu regular file system_u:object_r:qemu_exec_t:s0 /usr/bin/qemu-kvm regular file system_u:object_r:qemu_exec_t:s0 # ls -lZ /usr/bin/qemu /usr/bin/qemu-system-* -rwxr-xr-x. root root system_u:object_r:qemu_exec_t:s0 /usr/bin/qemu -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-arm -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-cris -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-m68k -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-mips -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-mips64 -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-mips64el -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-mipsel -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-ppc -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-ppc64 -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-ppcemb -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-sh4 -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-sh4eb -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-sparc -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/qemu-system-x86_64 Recommend adding a wildcard rule on /usr/bin/qemu-system-* since more arch emulators inevitably appear with every new QEMU release Version-Release number of selected component (if applicable): selinux-policy-3.6.6-5.fc11.noarch How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Fixed in selinux-policy-3.6.7-1.fc11