Re: [Qemu-devel] [PATCH] target/s390x/kvm: Fix problem when running with
From: Thomas Huth
Subject: Re: [Qemu-devel] [PATCH] target/s390x/kvm: Fix problem when running with SELinux under z/VM
Date: Fri, 24 Mar 2017 10:53:19 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
On 24.03.2017 10:38, Cornelia Huck wrote:
> On Fri, 24 Mar 2017 10:26:55 +0100
> Thomas Huth <address@hidden> wrote:
[...]
>> diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
>> index ac47154..5167436 100644
>> --- a/target/s390x/kvm.c
>> +++ b/target/s390x/kvm.c
>> @@ -678,8 +678,7 @@ static void *legacy_s390_alloc(size_t size, uint64_t
>> *align)
>> {
>> void *mem;
>>
>> - mem = mmap((void *) 0x800000000ULL, size,
>> - PROT_EXEC|PROT_READ|PROT_WRITE,
>> + mem = mmap((void *) 0x800000000ULL, size, PROT_READ | PROT_WRITE,
>> MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
>> return mem == MAP_FAILED ? NULL : mem;
>> }
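Review bot: the replacement mmap() call in legacy_s390_alloc() drops PROT_EXEC with no comment in the code, so nothing at the call site tells a later reader that the missing flag is deliberate. If this region is only ever read and written by the host process, a short comment above the call saying so, and noting that the writable-and-executable request is what SELinux objected to, would keep the flag from being added back. The MAP_FIXED mapping at the hard-coded 0x800000000ULL is untouched by this hunk and would still deserve a comment of its own.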
>
> Wouldn't it be better to adapt the SELinux rules?
I don't think that we want to change the default behavior of SELinux
here, since this is a security feature. Fortunately, there is already a
SELinux configuration variable available which can be used as a workaround:

  setsebool virt_use_execmem 1

But still, it would be nicer if things worked out of the box instead...
Thomas
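
An added example, not part of the original message or of QEMU: a small checker that scans text in /proc/<pid>/maps format for mappings that are both writable and executable, the kind of request the pre-patch mmap() made. The function names and the sample lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if a /proc/<pid>/maps line describes a mapping that is both
 * writable and executable; 0 otherwise, including for malformed lines. */
static int is_wx_line(const char *line)
{
    unsigned long long start, end;
    char perms[8] = "";
    /* Line format: start-end perms offset dev inode [path] */
    if (sscanf(line, "%llx-%llx %7s", &start, &end, perms) != 3)
        return 0;
    return strlen(perms) == 4 && perms[1] == 'w' && perms[2] == 'x';
}

/* Count W+X mappings in a maps-format buffer, printing each one found. */
static int count_wx(const char *text)
{
    int hits = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        char line[512];
        if (len < sizeof(line)) {          /* over-long lines are skipped */
            memcpy(line, text, len);
            line[len] = '\0';
            if (is_wx_line(line)) {
                printf("W+X: %s\n", line);
                hits++;
            }
        }
        text += len + (text[len] == '\n'); /* step past the newline, if any */
    }
    return hits;
}

/* Constructed samples (not captured from a real system): the fixed-address
 * region as it would appear with the old and with the new protection flags. */
static const char SAMPLE_OLD[] =
    "800000000-840000000 rwxs 00000000 00:05 12345 /dev/zero (deleted)\n"
    "3ff7f800000-3ff7f9a0000 r-xp 00000000 fd:00 1311 /usr/lib64/libc.so.6\n";
static const char SAMPLE_NEW[] =
    "800000000-840000000 rw-s 00000000 00:05 12345 /dev/zero (deleted)\n"
    "3ff7f800000-3ff7f9a0000 r-xp 00000000 fd:00 1311 /usr/lib64/libc.so.6\n";

int main(void)
{
    printf("old: %d, new: %d\n", count_wx(SAMPLE_OLD), count_wx(SAMPLE_NEW));
    return 0;
}
```

Feeding it the contents of a running process's maps file instead of the samples shows whether that process still holds any writable-and-executable region.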