Bug 1265189 - Can not start VM after updating selinux-policy
Can not start VM after updating selinux-policy
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
Unspecified Unspecified
urgent Severity urgent
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2015-09-22 06:58 EDT by Tomáš Hozza
Modified: 2015-09-25 03:55 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-09-25 03:55:17 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tomáš Hozza 2015-09-22 06:58:30 EDT
Description of problem:
I can not start VM after updating selinux-policy

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. start VM in virt-manager

Actual results:
Error from virt-manager

Error starting domain: SELinux policy denies access.

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 89, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 125, in tmpcb
    callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 83, in newfn
    ret = fn(self, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/domain.py", line 1423, in startup
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1007, in create
    if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: SELinux policy denies access.

Expected results:
no error
Comment 1 Daniel Walsh 2015-09-22 09:02:36 EDT
Any AVC messages?

ausearch -m avc, user_avc -ts recent
Comment 2 Miroslav Grepl 2015-09-23 12:07:12 EDT
Could you also try to reload libvirtd?
Comment 3 Tomáš Hozza 2015-09-24 03:12:03 EDT
Unfortunately after rebooting everything works also in Enforcing mode. Therefore I can not provide further information. Feel free to close this Bug. I'll reopen if I have some useful information.

Thank you.
Comment 4 Miroslav Grepl 2015-09-25 03:55:17 EDT
I believe it releates with SELinux class changes and SELinux aware apps. Reboot fix it and we have fixes in the latest f22 update.

Note You need to log in before you can comment on or make changes to this bug.