Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

when I set selinux as enforcing,libvirt cannot create virtual machine because of Permission denied #711

Closed
JerryDevis opened this issue Jun 27, 2022 · 4 comments · Fixed by #712
Closed

when I set selinux as enforcing,libvirt cannot create virtual machine because of Permission denied #711

JerryDevis opened this issue Jun 27, 2022 · 4 comments · Fixed by #712

Comments

@JerryDevis
Copy link

When I set selinux as enforcing,libvirt cannot create virtual machine because of Permission denied. The log is as follows:

[root@localhost vtpm]# virsh create vm_tpm2_openeuler.xml
error: Failed to create domain from vm_tpm2_openeuler.xml
error: internal error: Could not start 'swtpm'. exitstatus: 126, error: libvirt:  error : cannot execute binary /usr/local/bin/swtpm: Permission denied

[root@localhost vtpm]# getenforce
Enforcing

[root@localhost vtpm]# ll -Z /usr/local/bin/swtpm
-rwxr-xr-x. 1 root root system_u:object_r:bin_t:s0 83K Jun 28 16:56 /usr/local/bin/swtpm
@stefanberger
Copy link
Owner

Did you run make selinux-install ?

@stefanberger
Copy link
Owner

make selinux-install currently only works with --prefix=/usr. So if you adapt your prefix to that it should work then.

stefanberger added a commit that referenced this issue Jun 27, 2022
@stefanberger
selinux: Replace hardcoded install path with @Prefix@
dca76d7 
Replace the hardcoded install path in src/selinux/swtpm.fc and
src/selinux/swtpmcuse.fc with @Prefix@ and append .in to these files so
that they are generated when running configure.

Add the selinux policy input files with their suffix to the CLEANFILES
variable so they get cleaned up and 'make distcheck' works.

Resolves: #711
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
@stefanberger stefanberger mentioned this issue Jun 27, 2022
Merged
@stefanberger
Copy link
Owner

PR #712 should resolve the issue for other prefixes than /usr. If you can , please give it a try.

@JerryDevis
Copy link
Author

PR #712 should resolve the issue for other prefixes than /usr. If you can , please give it a try.

ok,thanks.

stefanberger added a commit that referenced this issue Jun 28, 2022
@stefanberger
selinux: Replace hardcoded install path with @Prefix@
a772d48 
Replace the hardcoded install path in src/selinux/swtpm.fc and
src/selinux/swtpmcuse.fc with @Prefix@ and append .in to these files so
that they are generated when running configure.

Add the selinux policy input files with their suffix to the CLEANFILES
variable so they get cleaned up and 'make distcheck' works.

Resolves: #711
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

selinux: Replace hardcoded install path with @Prefix@ stefanberger/swtpm
2 participants
@stefanberger @JerryDevis