[libvirt] I have no idea why the current version of libvirt works for anyone in enforcing mode.

Cole Robinson crobinso at redhat.com
Fri Mar 13 15:16:50 UTC 2009


Daniel J Walsh wrote:
> On 03/13/2009 09:49 AM, Daniel P. Berrange wrote:
>> On Fri, Mar 13, 2009 at 09:44:15AM -0400, Daniel J Walsh wrote:
>>> On 03/13/2009 06:19 AM, Daniel P. Berrange wrote:
>>>> On Thu, Mar 12, 2009 at 01:39:13PM -0400, Daniel J Walsh wrote:
>>>>> Libvirt is executing qemu requiring it to execute pulseaudio which would
>>>>> require the following permissions:
>>>>>
>>>>> #============= svirt_t ==============
>>>>> allow svirt_t admin_home_t:dir setattr;
>>>>> allow svirt_t admin_home_t:file { read write };
>>>>> allow svirt_t pulseaudio_port_t:tcp_socket name_connect;
>>>>> allow svirt_t svirt_tmpfs_t:file read;
>>>>> allow svirt_t user_tmpfs_t:file read;
>>>>>
>>>>> Since qemu(svirt_t) is not allowed these permissions, pulseaudio crashes
>>>>> and qemu dies.
>>>> I don't see it crashing - when I run with a guest with a sound device
>>>> attached, I see the AVC denials, and QEMU just carries on without a
>>>> active sound backend AFAICT.
>>>>
>>>>> I believe you need to run without sound if you are running as root.
>>>> We can't disable sound unconditionally for root, because not everyone
>>>> will be using SELinux so it's still valid to allow sound cards. I think
>>>> the focus has to be on stopping QEMU from crashing. It might actually
>>>> be an SDL bug, rather than a QEMU bug, because I believe it's SDL that
>>>> is responsible for opening the sound devices.
>>>>
>>>> Daniel
>>> How about if we check if you are running with svirt then don't execute
>>> the code.  Since I do not want to deal with these avc messages.  Either
>>> they will happen always and I have to dontaudit them in which case a
>>> compromised svirt attacking the /root directory would be dontaudited, or
>>> people are going to see avc's all the time.
>> For that scenario I think it'd be better to make virt-manager prevent
>> addition of sound hardware, since it's in a position to give feedback
>> to the user telling them why sound devices aren't allowed.
>>
>>
>> Daniel
> Well there is no protocol currently to tell virt-manager that
> libvirt is running with svirt.  I tried to remove an audio device via
> virt-manager and it does nothing.  Also what happens when virt-manager
> configures a remote libvirt?  Does the sound card automatically get added?
>

What does 'does nothing' mean? We can't hotunplug a sound card, you will
need to restart the VM for the changes to take effect.

virt-manager out of the box does not add a sound card for remote VMs,
only local. The default can be changed via Edit->Preferences.

- Cole
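The allow rules quoted at the top of the thread are what a policy author gets by folding the AVC denials from the audit log into one rule per (source type, target type, object class), and the thread's objection to a blanket dontaudit is that the admin_home_t rules would also hide a compromised guest probing /root. The script below, an added example that is not part of this thread or of libvirt's or virt-manager's code, does that folding over a few constructed audit lines modelled on the svirt_t/pulseaudio case (pids, inode numbers, timestamps and the SENSITIVE_TARGET_TYPES list are assumptions made for the example) and splits the result into rules that must stay audited and rules that are candidates for dontaudit or an application-side fix.

```python
"""Aggregate SELinux AVC denials into the allow rules they would need.

Added example (not from the libvirt thread or the libvirt project): it
parses audit-log AVC records of the form written by the kernel and auditd,
folds them into rules like the svirt_t list quoted in the thread, and
separates the ones that are safe to dontaudit from the ones whose silencing
would hide a real attack on the host.
"""
import re
from collections import defaultdict

# Constructed sample AVC denials, modelled on the svirt_t -> pulseaudio
# case in the thread (pids, timestamps, inodes and file names are made up).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1236953100.123:401): avc:  denied  { setattr } for  pid=4242 comm="qemu-kvm" name="root" dev=dm-0 ino=12 scontext=system_u:system_r:svirt_t:s0:c12,c34 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
type=AVC msg=audit(1236953100.125:402): avc:  denied  { read } for  pid=4242 comm="qemu-kvm" name=".pulse-cookie" dev=dm-0 ino=13 scontext=system_u:system_r:svirt_t:s0:c12,c34 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1236953100.126:403): avc:  denied  { write } for  pid=4242 comm="qemu-kvm" name=".pulse-cookie" dev=dm-0 ino=13 scontext=system_u:system_r:svirt_t:s0:c12,c34 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1236953100.130:404): avc:  denied  { name_connect } for  pid=4242 comm="qemu-kvm" dest=4713 scontext=system_u:system_r:svirt_t:s0:c12,c34 tcontext=system_u:object_r:pulseaudio_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1236953100.131:405): avc:  denied  { read } for  pid=4242 comm="qemu-kvm" name="pulse-shm-1234" dev=tmpfs ino=99 scontext=system_u:system_r:svirt_t:s0:c12,c34 tcontext=system_u:object_r:svirt_tmpfs_t:s0:c12,c34 tclass=file
type=AVC msg=audit(1236953100.132:406): avc:  denied  { read } for  pid=4242 comm="qemu-kvm" name="pulse-shm-5678" dev=tmpfs ino=98 scontext=system_u:system_r:svirt_t:s0:c12,c34 tcontext=system_u:object_r:user_tmpfs_t:s0 tclass=file
type=SYSCALL msg=audit(1236953100.132:406): arch=c000003e syscall=2 success=no exit=-13
"""

# Pull the permission set, source type, target type and object class out of
# one AVC record; the MLS/MCS suffix (":s0:c12,c34") is skipped.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=\w+:\w+:(?P<stype>\w+)(?::[^\s]*)?\s+"
    r"tcontext=\w+:\w+:(?P<ttype>\w+)(?::[^\s]*)?\s+"
    r"tclass=(?P<tclass>\w+)"
)

# Target types whose denials must never be silenced: a guest domain touching
# them is exactly what the policy exists to report. (Assumed list for this
# example; a real policy author would maintain their own.)
SENSITIVE_TARGET_TYPES = {"admin_home_t", "user_home_t", "shadow_t"}


def parse_avc_denials(log_text):
    """Yield (source_type, target_type, tclass, permission) per denied permission."""
    for line in log_text.splitlines():
        if "type=AVC" not in line:
            continue  # SYSCALL, CWD and PATH records carry no denial of their own
        m = AVC_RE.search(line)
        if not m:
            continue
        for perm in m.group("perms").split():
            yield m.group("stype"), m.group("ttype"), m.group("tclass"), perm


def aggregate_rules(log_text):
    """Fold denials into one rule per (source, target, class).

    Returns {(stype, ttype, tclass): sorted list of permissions}.
    """
    rules = defaultdict(set)
    for stype, ttype, tclass, perm in parse_avc_denials(log_text):
        rules[(stype, ttype, tclass)].add(perm)
    return {key: sorted(perms) for key, perms in rules.items()}


def format_rule(key, perms):
    """Render a rule in policy syntax; braces only when there are several permissions."""
    stype, ttype, tclass = key
    body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {stype} {ttype}:{tclass} {body};"


def triage(log_text):
    """Split the rules into (keep_audited, may_dontaudit).

    The split is by target type only: a denial against a sensitive target stays
    visible, because a dontaudit there would also hide a compromised guest
    attacking /root, which is the concern raised in the thread.
    """
    keep_audited, may_dontaudit = [], []
    for key, perms in sorted(aggregate_rules(log_text).items()):
        rule = format_rule(key, perms)
        (keep_audited if key[1] in SENSITIVE_TARGET_TYPES else may_dontaudit).append(rule)
    return keep_audited, may_dontaudit


if __name__ == "__main__":
    audited, silenceable = triage(SAMPLE_AUDIT_LOG)
    print("# keep audited (never dontaudit):")
    print("\n".join(audited))
    print("# candidates for dontaudit or an application-side fix:")
    print("\n".join(silenceable))
```

Run against the constructed log it reproduces the five rules from the thread, with the two admin_home_t rules in the "keep audited" bucket and the pulseaudio_port_t and tmpfs rules in the other; on a real box the input would be the AVC records from /var/log/audit/audit.log for the svirt_t domain in question.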
