[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

disable selinux for kvm share folder?


#1

In kvm with fedora host isn’t alow shared folder because of selinux. Is posible to disable selinux , but is this safe? and if will disable will alow for sure the shared folder?


Problems with File-Sharing between Host and Guest
#2

There’s no need to disable SELinux.

e.g.
host os: Fedora 23

# example 1
mkdir /mnt/whonix_shared
chmod 777 /mnt/whonix_shared
chcon -t var_t /mnt/whonix_shared

# example 2
mkdir /srv/whonix_shared
chmod 777 /srv/whonix_shared
# the next step is no need if the directory in /srv
# chcon -t var_t /srv/whonix_shared

#3

I all ready try the chcon command on fedora 21 , not work , however i believe not work because i try it in fedora 21 and not 23 or because of the directory : /srv (i was not use /srv) , looks like not work because of fedora 21 ver. because i try chcon and not work still .


#4

I’ve just tested it on Fedora 21. There is no problem.
The problem you have should irrelevant to SELinux.


#5

shared folder kvm whonix 11 works with fedora 21 host. The workaround :
install policycoreutils-gui , run it and set enforcing mode to permissive from enforcing , install users and groups , run it and go: users/your username/properties/groups/check the root and ok, then go: groups/your username/properties/group users/check the root and ok, then if not allready done the directions for sharing folder kvm on whonix documentation, do that , then evry time when boot in whonix guests must mount the folder if you want to use it, if set fstab for automount automaticaly , in guest booting will stop the booting and show a message by apparmor , you can pass that but guest will boot in emergency mode? i dont know if that is security risk so better don’t edit fstab for automount the shared folder , except if you know that is not a security risk.
If thing that disable selinux is security risk , that is a way for sharing folder, if use usb for transfer files from guest that is again discuraged by whonix maintainers for security reasons, i dont know if take place for security ’ that the usb drive\flash will luks encrypted