Bug 516799 - selinux prevents qemu-kvm (svirt_t) "setrlimit" svirt_t. No virtual machines will start.
selinux prevents qemu-kvm (svirt_t) "setrlimit" svirt_t. No virtual machines ...
Status: CLOSED DUPLICATE of bug 515521
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
11
All Linux
low Severity urgent
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-08-11 10:55 EDT by Jón Fairbairn
Modified: 2009-08-11 18:49 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-08-11 18:49:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
alert saved by sealert (2.54 KB, text/plain)
2009-08-11 10:55 EDT, Jón Fairbairn
no flags Details

  None (edit)
Description Jón Fairbairn 2009-08-11 10:55:36 EDT
Created attachment 357031 [details]
alert saved by sealert 

Description of problem:
If I attempt to start any virtual machines I get the attached selinux denial.

Version-Release number of selected component (if applicable):
selinux-policy-3.6.12-69.fc11.noarch
selinux-policy-targeted-3.6.12-69.fc11.noarch
kernel-2.6.29.6-217.2.3.fc11.x86_64
libvirt-0.6.2-13.fc11.x86_64

How reproducible:
Every time I try since rebooting into the present kernel.

Steps to Reproduce:
1. virsh start whatever
2.
3.
  
Actual results:
Denial attached, also denial concerning terminal

Expected results:
Virtual machine should start


Additional info:
Owing to bug #514208 I have run kernel-2.6.29.5-191.fc11.x86_64 up until yesterday.  Bug can be reproduced by defining a new virtual machine, so it's not restricted to the ones I made earlier.
Comment 1 Daniel Walsh 2009-08-11 18:49:12 EDT
This seems to be a glibc problem.

*** This bug has been marked as a duplicate of bug 515521 ***

Note You need to log in before you can comment on or make changes to this bug.