Description of problem:
Happens at every boot, whether or not Xen is in use. KVM and Xen are both installed, but the problem occurs even when the Xen hypervisor is not running.
SELinux is preventing /usr/bin/touch from 'create' accesses on the file libvirt-guests.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that touch should be allowed create access on the libvirt-guests file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep touch /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:var_lock_t:s0
Target Objects                libvirt-guests [ file ]
Source                        touch
Source Path                   /usr/bin/touch
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.17.4-301.fc21.x86_64 #1 SMP Thu Nov 27 19:09:10 UTC 2014 x86_64 x86_64
Alert Count                   1
First Seen                    2014-12-09 20:47:53 EST
Last Seen                     2014-12-09 20:47:53 EST
Local ID                      1df37af1-70b0-4245-b093-ae05c16b0cb2

Raw Audit Messages
type=AVC msg=audit(1418176073.927:80): avc: denied { create } for pid=782 comm="touch" name="libvirt-guests" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file permissive=0

type=SYSCALL msg=audit(1418176073.927:80): arch=x86_64 syscall=open success=no exit=EACCES a0=7fff40365f4b a1=941 a2=1b6 a3=691 items=0 ppid=778 pid=782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=touch exe=/usr/bin/touch subj=system_u:system_r:init_t:s0 key=(null)

Hash: touch,init_t,var_lock_t,file,create

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         3.17.4-301.fc21.x86_64
type:           libreport

Potential duplicate: bug 1065693

Description of problem:
Occurs at boot; may be causing problems with VM creation

Version-Release number of selected component:
selinux-policy-3.13.1-99.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         3.17.4-301.fc21.x86_64
type:           libreport

Demetrios, did you disable unconfined.pp module?
I must have -- enabling it fixed the problem.
9e7f833a8f80c0204612064adc6353819d8b5254 fixes this in git.
selinux-policy-3.13.1-105.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.fc21
Package selinux-policy-3.13.1-105.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-1337/selinux-policy-3.13.1-105.fc21
then log in and leave karma (feedback).

selinux-policy-3.13.1-105.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.