1131651 – SELinux causes virt-manager vm creation to fail

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1131651 - SELinux causes virt-manager vm creation to fail

Summary: SELinux causes virt-manager vm creation to fail

Keywords:
Status:	CLOSED DUPLICATE of bug 1118504
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libvirt
Sub Component:
Version:	21
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Libvirt Maintainers
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	F21BetaBlocker
TreeView+	depends on / blocked

Reported:	2014-08-19 18:26 UTC by Mairi Dulaney
Modified:	2014-08-21 16:33 UTC (History)
CC List:	15 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-08-21 16:33:05 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Mairi Dulaney 2014-08-19 18:26:50 UTC

Description of problem:
If selinux is set to enforcing, receive the following when attempting to create a vm in virt-manager:


    Unable to complete install: 'internal error: process exited while connecting to monitor: /usr/bin/qemu-system-x86_64: error while loading shared libraries: librados.so.2: cannot enable executable stack as shared object requires: Permission denied
    '
     
    Traceback (most recent call last):
      File "/usr/share/virt-manager/virtManager/asyncjob.py", line 91, in cb_wrapper
        callback(asyncjob, *args, **kwargs)
      File "/usr/share/virt-manager/virtManager/create.py", line 1787, in do_install
        guest.start_install(meter=meter)
      File "/usr/share/virt-manager/virtinst/guest.py", line 403, in start_install
        noboot)
      File "/usr/share/virt-manager/virtinst/guest.py", line 467, in _create_guest
        dom = self.conn.createLinux(start_xml or final_xml, 0)
      File "/usr/lib64/python2.7/site-packages/libvirt.py", line 3361, in createLinux
        if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
    libvirtError: internal error: process exited while connecting to monitor: /usr/bin/qemu-system-x86_64: error while loading shared libraries: librados.so.2: cannot enable executable stack as shared object requires: Permission denied
     




Version-Release number of selected component (if applicable):
3.13.1-72.fc21

How reproducible:
Always

Steps to Reproduce:
1. Ensure selinux is enforcing
2. Attempt to create a vm using virt-manager

Actual results:
Dies with the above pypuke

Expected results:
vm installs
Profit

Comment 1 Mairi Dulaney 2014-08-19 18:34:31 UTC

Proposing as a beta blocker bug under the  Self hosting virtualization criteria.

Comment 2 Daniel Walsh 2014-08-19 20:21:45 UTC

What AVC's are you seeing?

Looks like you need to turn on the virt_use_execmem boolean.

I think we can fix this long term if we just change libvirt to use a different type for containers running with qemu-kvm versus qemu-system

Comment 3 Daniel Walsh 2014-08-19 20:23:02 UTC

This works the same way in Fedora 20 BTW, so it is not a blocker.

Comment 4 Cole Robinson 2014-08-21 16:33:05 UTC


*** This bug has been marked as a duplicate of bug 1118504 ***

Note You need to log in before you can comment on or make changes to this bug.