Description of problem: When trying to use hypervkvpd (to let a Hyper-V host see a Linux guest's IP address) I have found that no information is transferred unless selinux is disabled. Version-Release number of selected component (if applicable): Fedora 21 kernel-core-3.18.7-200.fc21.x86_64 selinux-policy-3.13.1-105.3.fc21.noarch How reproducible: Reproducible every time. Steps to Reproduce: 1. Boot Fedora 21 cloud image. 2. Run /usr/sbin/hypervkvpd 3. On the Windows host's powershell run something like (get-vm "Fedora 21 Cloud").NetworkAdapters[0].IPAddresses Actual results: Nothing. Expected results: IPv4 and IPv6 address to be returned. Additional info: There is basically nothing in /var/log/audit/audit.log related to this issue: type=SERVICE_START msg=audit(1424447753.534:41): pid=1 uid=0 auid=4294967295 ses=4294967295 msg=' comm="hypervkvpd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' That doesn't look like a denial to me. Additionally being in permissive mode doesn't help at all. The only thing that seems to resolve the problem is editing /etc/selinux/config and setting SELINUX=disabled then rebooting (then the powershell commands work after hypervkvpd is run). I've done a relabel via touch /.autorelabel but that didn't help issues...
Hi, use: # semodule -DB then try to reprouce your issue and check for AVC again.
Created attachment 994027 [details] audit.log No change. Attaching logs.
Created attachment 994028 [details] journalctl
OK I've retried this again several times since and it seems it's the hypervkvpd.service that is generically flakey (restarting it after the system has started resolves the problem) and it has nothing to do with selinux. Resolving NOTABUG.