773447 – virt-manager cannot run qemu-kvm in current Rawhide

Bug 773447 - virt-manager cannot run qemu-kvm in current Rawhide

Summary: virt-manager cannot run qemu-kvm in current Rawhide

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-01-11 20:54 UTC by Adam Williamson
Modified:	2012-01-11 21:30 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-01-11 21:30:36 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Adam Williamson 2012-01-11 20:54:24 UTC

With latest selinux-policy (3.10.0-74), virt-manager runs and finds libvirt (that's fixed since -72), but cannot launch a VM, as selinux prevents it executing /usr/bin/qemu-kvm:

[   95.219139] type=1400 audit(1326315153.934:17): avc:  denied  { entrypoint } for  pid=2130 comm="libvirtd" path="/usr/bin/qemu-kvm" dev=dm-2 ino=170270 scontext=system_u:system_r:svirt_t:s0:c754,c782 tcontext=system_u:object_r:bin_t:s0 tclass=file

setenforce Permissive allows the VM to run, confirming the denial is the problem.

Comment 1 Daniel Walsh 2012-01-11 21:30:36 UTC

chcon -t qemu_exec_t /usr/bin/qemu-kvm

Will fix the problem.

Fixed in selinux-policy-3.10.0-75.fc17

Note You need to log in before you can comment on or make changes to this bug.