#681 closed defect (fixed)

selinux policy

Reported by:	Alexey Kuznetsov	Owned by:
Component:	other	Version:	VirtualBox 1.5.0
Keywords:		Cc:
Guest type:	other	Host type:	other

Description (last modified by Frank Mehnert)

[root@axet-laptop axet]# VirtualBox  -startvm localhost
/usr/lib/virtualbox/VirtualBox: error while loading shared libraries: /usr/lib/VBoxVMM.so: cannot restore segment prot after reloc: Permission denied

type=AVC msg=audit(1189629817.623:32): avc:  denied  { execmod } for  pid=3620 comm="VirtualBox" name="VBoxVMM.so" dev=sda2 ino=1311085 scontext=user_u:system_r:unconfin
ed_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1189629817.623:32): arch=40000003 syscall=125 success=no 
exit=-13 a0=119000 a1=e5000 a2=5 a3=bfb6fc00 items=0 ppid=3596 pid=3620 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="VirtualBox" exe="
/usr/lib/virtualbox/VirtualBox" subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC_PATH msg=audit(1189629817.623:32):  path="/usr/lib/VBoxVMM.so"

Change History (4)

comment:1 by Frank Mehnert, 18 years ago

Description:	modified (diff)

Which host Linux distribution, which install package did you use?

comment:2 by Nathan Wallwork, 17 years ago

I'm also seeing this problem, on a CentOS 5 host, with selinux in enforcing mode.

$ VirtualBox 
/usr/lib/virtualbox/VirtualBox: error while loading shared libraries: /usr/lib/virtualbox/VBoxVMM.so: cannot restore segment prot after reloc: Permission denied

I've just installed these RPMs:

  55858 Mar 26 11:46 dkms-2.0.17.5-2.el5.rf.noarch.rpm
 183716 Mar 26 11:46 iasl-0.20061109-1.i386.rpm
 664893 Mar 26 11:47 xerces-c-devel-2.7.0-1.el5.rf.i386.rpm
2096995 Mar 26 11:47 xalan-c-1.10.0-1.i386.rpm
1636770 Mar 26 11:47 xerces-c-2.7.0-1.el5.rf.i386.rpm
9128204 Mar 26 11:47 VirtualBox-OSE-1.5.2-2.el5.i386.rpm

This is the selinux audit message, from /var/log/audit/audit.log:

  type=SYSCALL msg=audit(1206556884.450:52): arch=40000003 syscall=125 success=no exit=-13 a0=110000 a1=e4000 a2=5 a3=bfe51430 items=0 ppid=3941 pid=4295 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts4 comm="VirtualBox" exe="/usr/lib/virtualbox/VirtualBox" subj=user_u:system_r:unconfined_t:s0 key=(null)

System details:

$ uname -a 
Linux hostname.example.com 2.6.18-53.1.14.el5 #1 SMP Wed Mar 5 11:36:49 EST 2008 i686 i686 i386 GNU/Linux

comment:3 by Nathan Wallwork, 17 years ago

I've found a solution, with hints from http://www.virtualbox.org/changeset/3054

$ VirtualBox 
/usr/lib/virtualbox/VirtualBox: error while loading shared libraries: /usr/lib/virtualbox/VBoxVMM.so: cannot restore segment prot after reloc: Permission denied
$ ls -lZ /usr/lib/virtualbox/VBoxVMM.so 
-rw-r--r--  root root system_u:object_r:lib_t          /usr/lib/virtualbox/VBoxVMM.so
$ chcon -t texrel_shlib_t /usr/lib/virtualbox/VBoxVMM.so 
$ VirtualBox 
/usr/lib/virtualbox/VirtualBox: error while loading shared libraries: /usr/lib/virtualbox/VBoxREM.so: cannot restore segment prot after reloc: Permission denied
$ chcon -t texrel_shlib_t /usr/lib/virtualbox/*.so
$ VirtualBox 
[program starts]

So the workaround is:

chcon -t texrel_shlib_t /usr/lib/virtualbox/*.so

comment:4 by Sander van Leeuwen, 17 years ago

Resolution:	→ fixed
Status:	new → closed

This was fixed in 1.5.4 or 1.5.6. Please try the latest release.

Note: See TracTickets for help on using tickets.

Download in other formats: