[libvirt] I have no idea why the current version of libvirt works for anyone in enforcing mode.
Daniel J Walsh
dwalsh at redhat.com
Fri Mar 13 13:44:15 UTC 2009
On 03/13/2009 06:19 AM, Daniel P. Berrange wrote:
> On Thu, Mar 12, 2009 at 01:39:13PM -0400, Daniel J Walsh wrote:
>> Libvirt is executing qemu requiring it to execute pulseaudio which would
>> require the folowing permissions,
>>
>> #============= svirt_t ==============
>> allow svirt_t admin_home_t:dir setattr;
>> allow svirt_t admin_home_t:file { read write };
>> allow svirt_t pulseaudio_port_t:tcp_socket name_connect;
>> allow svirt_t svirt_tmpfs_t:file read;
>> allow svirt_t user_tmpfs_t:file read;
>>
>> Since qemu(svirt_t) is not allowed these permissions, pulseaudio crashes
>> and qemu dies.
>
> I don't see it crashing - when I run with a guest with a sound device
> attached, I see the AVC denials, and QEMU just carries on without a
> active sound backend AFAICT.
>
>> I believe you need to run without sound if you are running as root.
>
> We can't disable sound unconditonally for root, because not everyone
> will be using SELinux so its still valid to allow sound cards. I think
> the focus has to be on stopping QEMU from crashing. It might actually
> be an SDL bug, rather than a QEMU bug, because I believe its SDL that
> is responsible for opening the sound devices.
>
> Daniel
How about if we check if you are running with svirt then don't execute
the code. Since I do not want to deal with these avc messages. Either
they will happen always and I have to dontaudit them in which case a
compromised svirt attacking the /root directory would be dontaudited, or
people are going to see avc's all the time.
More information about the libvir-list
mailing list