tomas_m n00b
Joined: 24 Oct 2016 Posts: 9
Posted: Mon Nov 20, 2017 5:58 pm Post subject: SELinux and QEMU/kvm
Hi, I'm not new to Linux and not really new to Gentoo but very new to SELinux.
I managed to install it on Gentoo-hardened and with some help from the gentoo-hardened IRC, almost everything works fine now.
One of the 2 problems left is running VMs with Qemu+kvm.
I have some images in my home directory (format qcow2) and used to run them, simply with
Quote: | qemu-system-x86_64 -hda ~/vm/image.img -m 4G -enable-kvm -smp2 -smp ..... |
If I try to do that now with SELinux in enforcing mode, it doesn't work.
When I try as root it says:
Code: | Could not access KVM kernel module: Permission denied
qmemu-system-x86_64: failed to initialize KVM: Permission denied |
and as my user in the role of sysadm_r:
Code: | Could not open '~/vm/image.img': Permission denied |
Searching for SELinux alerts told me that SELinux blocks { read } when my source context is qemu_t and the target context is user_home_t (my image).
It also denies { read write } when my source context is sysadm_sudo_t (running qemu with sudo) and the target is kvm_device_t.