[libvirt] I have no idea why the current version of libvirt works for anyone in enforcing mode.

Daniel J Walsh dwalsh at redhat.com
Fri Mar 13 17:11:36 UTC 2009


On 03/13/2009 11:16 AM, Cole Robinson wrote:
> Daniel J Walsh wrote:
>> On 03/13/2009 09:49 AM, Daniel P. Berrange wrote:
>>> On Fri, Mar 13, 2009 at 09:44:15AM -0400, Daniel J Walsh wrote:
>>>> On 03/13/2009 06:19 AM, Daniel P. Berrange wrote:
>>>>> On Thu, Mar 12, 2009 at 01:39:13PM -0400, Daniel J Walsh wrote:
>>>>>> Libvirt is executing qemu requiring it to execute pulseaudio which would
>>>>>> require the following permissions,
>>>>>>
>>>>>> #============= svirt_t ==============
>>>>>> allow svirt_t admin_home_t:dir setattr;
>>>>>> allow svirt_t admin_home_t:file { read write };
>>>>>> allow svirt_t pulseaudio_port_t:tcp_socket name_connect;
>>>>>> allow svirt_t svirt_tmpfs_t:file read;
>>>>>> allow svirt_t user_tmpfs_t:file read;
>>>>>>
>>>>>> Since qemu(svirt_t) is not allowed these permissions, pulseaudio crashes
>>>>>> and qemu dies.
>>>>> I don't see it crashing - when I run with a guest with a sound device
>>>>> attached, I see the AVC denials, and QEMU just carries on without an
>>>>> active sound backend AFAICT.
>>>>>
>>>>>> I believe you need to run without sound if you are running as root.
>>>>> We can't disable sound unconditionally for root, because not everyone
>>>>> will be using SELinux so it's still valid to allow sound cards. I think
>>>>> the focus has to be on stopping QEMU from crashing. It might actually
>>>>> be an SDL bug, rather than a QEMU bug, because I believe it's SDL that
>>>>> is responsible for opening the sound devices.
>>>>>
>>>>> Daniel
>>>> How about if we check if you are running with svirt then don't execute
>>>> the code.  Since I do not want to deal with these avc messages.  Either
>>>> they will happen always and I have to dontaudit them in which case a
>>>> compromised svirt attacking the /root directory would be dontaudited, or
>>>> people are going to see avc's all the time.
>>> For that scenario I think it'd be better to make virt-manager prevent
>>> addition of sound hardware, since it's in a position to give feedback
>>> to the user telling them why sound devices aren't allowed.
>>>
>>>
>>> Daniel
>> Well there is no protocol currently to tell virt-manager that the
>> libvirt is running with svirt.  I tried to remove an audio device via
>> virt-manager and it does nothing.  Also what happens when virt-manager
>> configures a remote libvirt?  Does the sound card automatically get added?
>>
>
> What does 'does nothing' mean? We can't hotunplug a sound card, you will
> need to restart the VM for the changes to take effect.
>
> virt-manager out of the box does not add a sound card for remote VMs,
> only local. The default can be changed via Edit->Preferences.
>
> - Cole


On a running vm, I tried to remove the sound card and nothing happened.
I just tried again on a stopped vm and it got removed.  If it is not
able to remove the sound card on a running VM, then the remove button
should be greyed out or it should remove it from the XML and explain to
me it will happen on the next restart of the VM.
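
The dontaudit concern raised earlier in the thread, as an added example that is not part of the original messages: an SELinux rule matches only on source type, target type, class and permission, so a dontaudit built from the five quoted rules would also silence any other svirt_t access with the same shape. The audit lines below are constructed for illustration, and the helper names are hypothetical.

```python
import re
from collections import defaultdict

# The five allow rules quoted in the thread: (target type, class) -> permissions.
PULSE_RULES = {
    ("admin_home_t", "dir"): {"setattr"},
    ("admin_home_t", "file"): {"read", "write"},
    ("pulseaudio_port_t", "tcp_socket"): {"name_connect"},
    ("svirt_tmpfs_t", "file"): {"read"},
    ("user_tmpfs_t", "file"): {"read"},
}

# Constructed audit.log lines (not taken from the thread).
SAMPLE = [
    'type=AVC msg=audit(1236900000.001:101): avc:  denied  { read write } for  pid=4242 comm="qemu-kvm" name=".pulse-cookie" dev=dm-0 ino=1001 scontext=system_u:system_r:svirt_t:s0:c10,c20 tcontext=system_u:object_r:admin_home_t:s0 tclass=file',
    'type=AVC msg=audit(1236900000.002:102): avc:  denied  { write } for  pid=4242 comm="qemu-kvm" name="notes.txt" dev=dm-0 ino=1002 scontext=system_u:system_r:svirt_t:s0:c10,c20 tcontext=system_u:object_r:admin_home_t:s0 tclass=file',
    'type=AVC msg=audit(1236900000.003:103): avc:  denied  { name_connect } for  pid=4242 comm="qemu-kvm" dest=4713 scontext=system_u:system_r:svirt_t:s0:c10,c20 tcontext=system_u:object_r:pulseaudio_port_t:s0 tclass=tcp_socket',
    'type=AVC msg=audit(1236900000.004:104): avc:  denied  { unlink } for  pid=4242 comm="qemu-kvm" name="notes.txt" dev=dm-0 ino=1002 scontext=system_u:system_r:svirt_t:s0:c10,c20 tcontext=system_u:object_r:admin_home_t:s0 tclass=file',
    'type=AVC msg=audit(1236900000.005:105): avc:  denied  { read } for  pid=900 comm="httpd" name="index.html" dev=dm-0 ino=2001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file',
]

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if m is None:
        return None
    f = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    if not {"scontext", "tcontext", "tclass"} <= f.keys():
        return None
    return {"perms": set(m.group(1).split()), "name": f.get("name", "?"),
            "stype": f["scontext"].split(":")[2],
            "ttype": f["tcontext"].split(":")[2], "tclass": f["tclass"]}

def triage(lines):
    """Split svirt_t denials into those a dontaudit of the thread's rules
    would silence (grouped by rule, listing the objects) and the rest."""
    hidden, visible = defaultdict(set), []
    for line in lines:
        d = parse_avc(line)
        if d is None or d["stype"] != "svirt_t":
            continue
        key = (d["ttype"], d["tclass"])
        if key in PULSE_RULES and d["perms"] <= PULSE_RULES[key]:
            hidden[key].add(d["name"])
        else:
            visible.append(d)
    return hidden, visible
```

Calling `triage(SAMPLE)` groups both the cookie access and the unrelated `notes.txt` write under the same `admin_home_t:file` rule, which is the loss of visibility the thread is worried about; only the `unlink` denial would still be logged.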
