SELinux, Execmem, QEMU, and LibVirt

Well, after having everything work fine in Fedora 22 with the proprietary fglrx 15.10 driver, I went to start up a VM (just a Fedora 22 guest, in fact), and I was greeted with failure in the following manner:

libvirtError: internal error: process exited while connecting to monitor: /usr/bin/qemu-system-x86_64: error while loading shared libraries: libGL.so.1: failed to map segment from shared object

So, I checked out my recent journal entries and find:

Jun 11 10:01:29 libvirtd[1302]: internal error: process exited while connecting to monitor: /usr/bin/qemu-system-x86_64: error while loading shared libraries: libGL.so.1: failed to map segment from shared object
Jun 11 10:01:29 libvirtd[1302]: failed to connect to monitor socket: No such process 
...
Jun 11 10:01:29 audit[9009]:  avc:  denied  { execmem } for  pid=9009 comm="qemu-system-x86" scontext=system_u:system_r:svirt_t:s0:c137,c325 tcontext=system_u:system_r:svirt_t:s0:c137,c325 tclass=process 

So, to temporarily resolve the matter, I execute:

$ sudo setsebool virt_use_execmem=on

And the matter is resolved (temporarily).  I did not permanently set the variable (you can do so with the -P option for setsebool) because I intend to attempt a reinstallation of my graphics drivers to see if that has any effect.  Booting into KDE yesterday morning, my screen configuration had somehow become incorrect (my dual monitor configuration became a mirrored configuration, and investigation in System Settings –> Display and Monitor showed the monitors arranged so that one was completely on top of the other.  When I separated them appropriately, my configuration returned to the normal dual monitor arrangement).  Though Steam throws no errors typical of a need to reinstall the driver, I may give it a shot anyway since this was previously working.

This bug appears to address this very issue, specifically referencing both the nVidia and fglrx proprietary drivers as causes.  My particular situation might shed a little more light on the matter given that my configuration functioned properly until something happened (likely as a result of recent package upgrades) that now causes a problem.  I’ll report back if I can figure anything else out.

Advertisements
This entry was posted in Information Technology and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s