libreport version: 2.0.8 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.2.7-1.fc16.x86_64 reason: SELinux is preventing /usr/bin/qemu-system-x86_64 from using the 'execmem' accesses on a process. time: Fri 02 Mar 2012 04:55:33 MSK description: :SELinux is preventing /usr/bin/qemu-system-x86_64 from using the 'execmem' accesses on a process. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that qemu-system-x86_64 should be allowed execmem access on processes labeled svirt_t by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep qemu-system-x86 /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:svirt_t:s0:c242,c779 :Target Context system_u:system_r:svirt_t:s0:c242,c779 :Target Objects [ process ] :Source qemu-system-x86 :Source Path /usr/bin/qemu-system-x86_64 :Port <Unknown> :Host (removed) :Source RPM Packages qemu-system-x86-0.15.1-4.fc16.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-75.fc16.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.2.7-1.fc16.x86_64 #1 SMP Tue Feb : 21 01:40:47 UTC 2012 x86_64 x86_64 :Alert Count 1 :First Seen Fri 02 Mar 2012 04:45:07 MSK :Last Seen Fri 02 Mar 2012 04:45:07 MSK :Local ID 3b17fd0e-4676-41fb-8da5-9dc976914960 : :Raw Audit Messages :type=AVC msg=audit(1330649107.326:159): avc: denied { execmem } for pid=22719 comm="qemu-system-x86" scontext=system_u:system_r:svirt_t:s0:c242,c779 tcontext=system_u:system_r:svirt_t:s0:c242,c779 tclass=process : : :type=SYSCALL msg=audit(1330649107.326:159): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=10000000 a2=7 a3=62 items=0 ppid=1 pid=22719 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm=qemu-system-x86 exe=/usr/bin/qemu-system-x86_64 subj=system_u:system_r:svirt_t:s0:c242,c779 key=(null) : :Hash: qemu-system-x86,svirt_t,svirt_t,process,execmem : :audit2allow : :#============= svirt_t ============== :allow svirt_t self:process execmem; : :audit2allow -R : :#============= svirt_t ============== :allow svirt_t self:process execmem; :
commit 78b78d0d60f548103afb8f690300020635a55496 Author: Miroslav Grepl <mgrepl> Date: Fri Mar 2 10:30:18 2012 +0000 Fix virt_use_execmem boolean
selinux-policy-3.10.0-80.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/FEDORA-2012-2733/selinux-policy-3.10.0-80.fc16
Package selinux-policy-3.10.0-80.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-80.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-2733/selinux-policy-3.10.0-80.fc16 then log in and leave karma (feedback).
selinux-policy-3.10.0-80.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
I have this error in Fedora 17 with selinux-policy-3.10.0-125.fc17.noarch
(In reply to comment #5) > I have this error in Fedora 17 with selinux-policy-3.10.0-125.fc17.noarch Forget this, I haven't installed qemu-kvm and had virt_use_execmem=off