Re: libvirt? qemu change that mmaps ELF files breaks libvirt svirt handling for os.kernel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/10/19 14:03, Christian Borntraeger wrote:
> Stefano, Paolo,
> 
> I have an interesting fail in QEMU 
> 
> 2019-10-04T12:00:32.675188Z qemu-system-s390x: GLib: g_mapped_file_unref: assertion 'file != NULL' failed
> that bisected to 
> commit 816b9fe450220e19acb91a0ce4a8ade7000648d1 (refs/bisect/bad)
>     elf-ops.h: Map into memory the ELF to load
> 
> strace tells that I can read the ELF file, but not mmap
> strace:
> 214365 openat(AT_FDCWD, "/var/lib/libvirt/images/test_cpu_timer.elf", O_RDONLY) = 36
> 214365 read(46, "\177ELF\2\2\1\0\0\0\0\0\0\0\0\0", 16) = 16
> 214365 lseek(46, 0, SEEK_SET)           = 0
> [...]
> 214365 fstat(46, {st_mode=S_IFREG|0755, st_size=168176, ...}) = 0
> 214365 mmap(NULL, 168176, PROT_READ|PROT_WRITE, MAP_PRIVATE, 46, 0) = -1 EACCES (Permission denied)
> 
> So reading from /var/lib/libvirt/images/test_cpu_timer.elf does work, mmaping does not.
> setenforce 0 makes the problem go away. 
> 
> This might be more of an issue in libvirt, setting the svirt context too
> restrictive, but I am not too deep into the svirt part of libvirt.
> Reverting the qemu commit makes the problem go away.

Yes, the policy is too restrictive in my opinion.

Can you include the output of "audit2allow" and/or "audit2allow -R"?

Thanks,

Paolo

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux