On Wed, Feb 13, 2008 at 11:51 AM, Tom London <selinux@xxxxxxxxx> wrote:
> Hadn't run qemu-kvm for a bit.
>
> Now get this AVC (both enforcing/targeted):
>
>
> type=AVC msg=audit(1202932089.281:48): avc: denied { execmem } for
> pid=10351 comm="qemu-kvm"
> scontext=unconfined_u:unconfined_r:unconfined_t:s0
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1202932089.281:48): arch=40000003 syscall=125
> success=no exit=-13 a0=8df0000 a1=1001000 a2=7 a3=a7d5358 items=0
> ppid=3049 pid=10351 auid=500 uid=500 gid=500 euid=500 suid=500
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="qemu-kvm"
> exe="/usr/bin/qemu-kvm" subj=unconfined_u:unconfined_r:unconfined_t:s0
> key=(null)
>
> Not sure if it interferes with anything....
>
Believe this causes this:
Feb 14 07:55:10 localhost kernel: qemu-kvm[7350] general protection
ip:80d6ffd sp:bfb48e40 error:0 in qemu-kvm[8047000+12d000]
Feb 14 07:55:10 localhost setroubleshoot: SELinux is preventing
qemu-kvm from changing a writable memory segment executable. For
complete SELinux messages. run sealert -l
f7ee40db-9506-48d2-bde6-396eb39ef085
--
Tom London
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
