Bug 1969209

Summary: SELinux is preventing virtlogd from 'read, append' accesses on the file system.token
Product: Red Hat Enterprise Linux 9 Reporter: yalzhang <yalzhang>
Component: selinux-policyAssignee: Zdenek Pytela <zpytela>
Status: CLOSED CURRENTRELEASE QA Contact: Milos Malik <mmalik>
Severity: urgent Docs Contact:
Priority: high    
Version: 9.0CC: berrange, dwalsh, dzheng, extras-qa, fjin, grepl.miroslav, hhan, jsuchane, juzhou, lcheng, lizhu, lmen, lvrabec, meili, mmalik, mprivozn, mxie, nknazeko, omosnace, plautrba, qe-baseos-security, rjones, smitterl, ssekidde, virt-maint, vmojzis, wshi, xinma, yafu, yanqzhan, yidliu, yoguo, zpytela
Target Milestone: betaKeywords: Automation, Regression, TestBlocker, Triaged
Target Release: 9.0 BetaFlags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-34.1.9-1.el9 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 1966842 Environment:
Last Closed: 2021-12-07 21:35:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1964317, 1966842    
Bug Blocks: 910269    

Comment 1 yalzhang@redhat.com 2021-06-08 01:45:35 UTC 
Sorry to have so disordered description, I was updating it when I pressed a wrong key to submit it. Anyway the same issue as bug 1966842 happens on rhel 9 with below packages:
libvirt-7.4.0-1.el9.x86_64
selinux-policy-34.1.6-1.el9.noarch
Comment 2 Richard W.M. Jones 2021-06-08 09:22:44 UTC 
*** Bug 1969286 has been marked as a duplicate of this bug. ***
Comment 3 Zdenek Pytela 2021-06-09 16:37:17 UTC 
Note there is ongoing discussion in the parent bz#1964317.
Comment 5 Zdenek Pytela 2021-06-14 12:13:15 UTC 
Commit to backport:
commit 1f761d0bbdc08d21a91cdcbd1909ddb53858e354 (HEAD -> rawhide, upstream/rawhide)
Author: Zdenek Pytela <zpytela>
Date:   Fri Jun 11 22:39:47 2021 +0200

    Label /run/libvirt/common with virt_common_var_run_t
Comment 6 Richard W.M. Jones 2021-06-16 21:38:56 UTC 
FYI this prevents virt-v2v from running in RHEL 9:
https://dashboard.osci.redhat.com/#/artifact/brew-build/aid/37540386?focus=id:b29f0199d85e4508aad026ef8a34597c871e16a0cc8ad8a92eeae319efc186af
Comment 14 mxie@redhat.com 2021-07-21 06:07:12 UTC 
*** Bug 1983965 has been marked as a duplicate of this bug. ***