On 24.03.2017 10:38, Cornelia Huck wrote:
> On Fri, 24 Mar 2017 10:26:55 +0100
> Thomas Huth <th...@redhat.com> wrote:
[...]
>> diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
>> index ac47154..5167436 100644
>> --- a/target/s390x/kvm.c
>> +++ b/target/s390x/kvm.c
>> @@ -678,8 +678,7 @@ static void *legacy_s390_alloc(size_t size, uint64_t 
>> *align)
>>  {
>>      void *mem;
>>
>> -    mem = mmap((void *) 0x800000000ULL, size,
>> -               PROT_EXEC|PROT_READ|PROT_WRITE,
>> +    mem = mmap((void *) 0x800000000ULL, size, PROT_READ | PROT_WRITE,
>>                 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
>>      return mem == MAP_FAILED ? NULL : mem;
>>  }
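Review bot: the mmap() call in legacy_s390_alloc() loses PROT_EXEC without any comment, so nothing in the code records that this mapping is deliberately non-executable. A one-line comment above the call, saying that the region is mapped without PROT_EXEC on purpose so that it does not trip the SELinux execmem check discussed in this thread, would keep the flag from being reintroduced later. It is also worth confirming, and saying in the commit message, that nothing in the host process executes from this mapping, since the visible lines alone cannot show that. Separately, the unchanged context keeps MAP_FIXED at the hard-coded address 0x800000000ULL, which replaces whatever is already mapped in that range; that is not new here, but it deserves a second look while this call is being touched.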
> 
> Wouldn't it be better to adapt the SELinux rules?

I don't think that we want to change the default behavior of SELinux
here, since this is a security feature. Fortunately, there is already a
SELinux configuration variable available which can be used as a workaround:

 setsebool virt_use_execmem 1

But still, it would be nicer if things worked out of the box instead...

 Thomas

