| Summary: | virt-manager fails to start any VM, SELinux policy denies access | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Chris Murphy <bugzilla> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Priority: | unspecified |
| Version: | 24 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba, sgallagh |
| Hardware: | Unspecified | OS: | Unspecified |
| Last Closed: | 2016-08-24 21:35:04 UTC | Type: | Bug |

Created attachment 1193805 [details]
journal
portion of journal when VM is started, error received

Aug 24 13:40:49 f24m virtlogd[3675]: Cannot open log file: '/var/log/libvirt/qemu/uefi2.log': Device or resource busy

Bogus, still says this after a reboot. It's not busy. ls -lZ shows the label on everything in that path is system_u:object_r:virt_log_t:s0

*** This bug has been marked as a duplicate of bug 1368745 ***

Description of problem:
VMs fail to boot in virt-manager, which reports SELinux policy denies access.

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-191.12.fc24.noarch
systemd-229-13.fc24.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Start any VM.

Actual results:
SELinux policy denies access.

Expected results:
Should start VM.

Additional info:
System has had 'restorecon -rv' applied, the problem still happens. System rebooted with enforcing=0 and the problem doesn't happen.

ausearch -m AVC doesn't show anything, but in the journal I see

Aug 24 13:40:49 f24m audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 cmdline="/usr/lib/systemd/systemd-machined" scontext=system_u:system_r:systemd_machined_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

So I suppose it could be a systemd bug as that too was recently updated.
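
A triage sketch for the journal lines quoted in this report, added here as an example and not part of the original report or of any Fedora tooling: it parses both kernel AVC and userspace USER_AVC denials, which are separate audit record types, so a search for AVC alone does not return the record above. The kernel AVC sample line is constructed for contrast, and the function and field names are hypothetical.

```python
import re

SAMPLE_JOURNAL = [
    # USER_AVC record quoted in this report.
    'Aug 24 13:40:49 f24m audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 '
    'ses=4294967295 subj=system_u:system_r:init_t:s0 '
    "msg='avc: denied { start } for auid=n/a uid=0 gid=0 "
    'cmdline="/usr/lib/systemd/systemd-machined" '
    'scontext=system_u:system_r:systemd_machined_t:s0 '
    'tcontext=system_u:system_r:init_t:s0 tclass=system '
    'exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?\'',
    # Constructed kernel AVC record, for contrast (not from the report).
    'Aug 24 13:41:02 f24m audit[2210]: AVC avc:  denied  { read } for  '
    'pid=2210 comm="qemu-system-x86" name="disk.img" dev="dm-0" ino=1234 '
    'scontext=system_u:system_r:svirt_t:s0:c1,c2 '
    'tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0',
    # virtlogd line quoted in this report: not an SELinux record.
    "Aug 24 13:40:49 f24m virtlogd[3675]: Cannot open log file: "
    "'/var/log/libvirt/qemu/uefi2.log': Device or resource busy",
]

RECORD = re.compile(r"audit\[\d+\]: (?P<type>USER_AVC|AVC)\b.*?avc:\s+denied\s+"
                    r"\{(?P<perms>[^}]*)\}(?P<rest>.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denial(line):
    """Return one denial as a dict, or None if the line is not an AVC/USER_AVC denial."""
    m = RECORD.search(line)
    if m is None:
        return None
    # key=value pairs after the permission set; strip the quoting around values.
    f = {k: v.strip("\"'") for k, v in FIELD.findall(m.group("rest"))}
    user = m.group("type") == "USER_AVC"
    return {
        "record": m.group("type"),
        "enforcer": "userspace object manager" if user else "kernel",
        "perms": m.group("perms").split(),
        "source_type": f["scontext"].split(":")[2],  # third field of user:role:type:level
        "target_type": f["tcontext"].split(":")[2],
        "tclass": f["tclass"],
    }

def summarize(lines):
    """One line per denial: record type, who enforced it, and the denied access."""
    return ["%s (%s): %s -> %s : %s { %s }" % (
                d["record"], d["enforcer"], d["source_type"], d["target_type"],
                d["tclass"], " ".join(d["perms"]))
            for d in map(parse_denial, lines) if d]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_JOURNAL)))
```

Against the audit log itself, `ausearch -m AVC,USER_AVC` queries both record types.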