Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1131651

Summary: SELinux causes virt-manager vm creation to fail
Product: [Fedora] Fedora Reporter: Mairi Dulaney <jdulaney>
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 21CC: agedosier, berrange, clalancette, crobinso, dominick.grift, dwalsh, itamar, jforbes, laine, libvirt-maint, lvrabec, mgrepl, robatino, veillard, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-08-21 16:33:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1043124    

Description Mairi Dulaney 2014-08-19 18:26:50 UTC 
Description of problem:
If selinux is set to enforcing, receive the following when attempting to create a vm in virt-manager:


    Unable to complete install: 'internal error: process exited while connecting to monitor: /usr/bin/qemu-system-x86_64: error while loading shared libraries: librados.so.2: cannot enable executable stack as shared object requires: Permission denied
    '
     
    Traceback (most recent call last):
      File "/usr/share/virt-manager/virtManager/asyncjob.py", line 91, in cb_wrapper
        callback(asyncjob, *args, **kwargs)
      File "/usr/share/virt-manager/virtManager/create.py", line 1787, in do_install
        guest.start_install(meter=meter)
      File "/usr/share/virt-manager/virtinst/guest.py", line 403, in start_install
        noboot)
      File "/usr/share/virt-manager/virtinst/guest.py", line 467, in _create_guest
        dom = self.conn.createLinux(start_xml or final_xml, 0)
      File "/usr/lib64/python2.7/site-packages/libvirt.py", line 3361, in createLinux
        if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
    libvirtError: internal error: process exited while connecting to monitor: /usr/bin/qemu-system-x86_64: error while loading shared libraries: librados.so.2: cannot enable executable stack as shared object requires: Permission denied
     




Version-Release number of selected component (if applicable):
3.13.1-72.fc21

How reproducible:
Always

Steps to Reproduce:
1. Ensure selinux is enforcing
2. Attempt to create a vm using virt-manager

Actual results:
Dies with the above pypuke

Expected results:
vm installs
Profit
Comment 1 Mairi Dulaney 2014-08-19 18:34:31 UTC 
Proposing as a beta blocker bug under the  Self hosting virtualization criteria.
Comment 2 Daniel Walsh 2014-08-19 20:21:45 UTC 
What AVC's are you seeing?

Looks like you need to turn on the virt_use_execmem boolean.

I think we can fix this long term if we just change libvirt to use a different type for containers running with qemu-kvm versus qemu-system
Comment 3 Daniel Walsh 2014-08-19 20:23:02 UTC 
This works the same way in Fedora 20 BTW, so it is not a blocker.
Comment 4 Cole Robinson 2014-08-21 16:33:05 UTC 

*** This bug has been marked as a duplicate of bug 1118504 ***