qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] target/s390x/kvm: Fix problem when running with

From: Thomas Huth
Subject: Re: [Qemu-devel] [PATCH] target/s390x/kvm: Fix problem when running with SELinux under z/VM
Date: Fri, 24 Mar 2017 10:53:19 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 
On 24.03.2017 10:38, Cornelia Huck wrote:
> On Fri, 24 Mar 2017 10:26:55 +0100
> Thomas Huth <address@hidden> wrote:
[...]
>> diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
>> index ac47154..5167436 100644
>> --- a/target/s390x/kvm.c
>> +++ b/target/s390x/kvm.c
>> @@ -678,8 +678,7 @@ static void *legacy_s390_alloc(size_t size, uint64_t 
>> *align)
>>  {
>>      void *mem;
>>
>> -    mem = mmap((void *) 0x800000000ULL, size,
>> -               PROT_EXEC|PROT_READ|PROT_WRITE,
>> +    mem = mmap((void *) 0x800000000ULL, size, PROT_READ | PROT_WRITE,
>>                 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
>>      return mem == MAP_FAILED ? NULL : mem;
>>  }
> 
> Wouldn't it be better to adapt the SELinux rules?

I don't think that we want to change the default behavior of SELinux
here, since this is a security feature. Fortunately, there is already a
SELinux configuration variable available which can be used as a workaround:

 setsebool virt_use_execmem 1

But still, it would be nicer, if things worked out of the box instead...

 Thomas
reply via email to
[Prev in Thread] Current Thread [Next in Thread]