Description of problem: Redirecting USB device using virt-manager. SELinux is preventing qemu-system-x86 from 'read' accesses on the file c189:15. ***** Plugin catchall (100. confidence) suggests ************************** If si crede che qemu-system-x86 dovrebbe avere possibilità di accesso read sui c189:15 file in modo predefinito. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do consentire questo accesso per il momento eseguendo: # grep qemu-system-x86 /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:svirt_t:s0:c414,c1020 Target Context system_u:object_r:udev_var_run_t:s0 Target Objects c189:15 [ file ] Source qemu-system-x86 Source Path qemu-system-x86 Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-152.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.2.3-300.fc23.x86_64 #1 SMP Mon Oct 5 15:42:54 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-10-31 20:21:13 CET Last Seen 2015-10-31 20:21:13 CET Local ID 1df3c6fc-8558-4581-96ab-0fbd4b92d0d6 Raw Audit Messages type=AVC msg=audit(1446319273.657:886): avc: denied { read } for pid=30447 comm="qemu-system-x86" name="c189:15" dev="tmpfs" ino=388874 scontext=system_u:system_r:svirt_t:s0:c414,c1020 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 Hash: qemu-system-x86,svirt_t,udev_var_run_t,file,read Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport
Description of problem: After upgrading from Fedora 22 to 23, USB smartcard redirection is no longer working. It still possible to redirect the device manually from the virtual machine manager, but redirection saved in the machine configuration doesn't work. Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.7-300.fc23.x86_64 type: libreport
Description of problem: I encounter this issue when redirecting (and performing the boot) with an usb-key, redirected from the host to the qemu-kvm guest. Version-Release number of selected component: selinux-policy-3.13.1-158.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.3.3-300.fc23.x86_64 type: libreport
Description of problem: tried to boot a vm from a usb stick on the host Version-Release number of selected component: selinux-policy-3.13.1-158.2.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.3.3-303.fc23.x86_64 type: libreport
Description of problem: Added host USB device in Virt-Manager Version-Release number of selected component: selinux-policy-3.13.1-158.4.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.3.5-300.fc23.x86_64 type: libreport
Description of problem: First, I've got a Logitech C310 webcam, which works on a Linux host flawlessly. Next, I "plug" it into my Windows 10 virtual machine by adding a new USB host device, vía virt-manager GUI. When I start the virtual machine, with the command "sudo virsh start win10", this error pops up. Windows 10 doesn't detect my webcam, even with the official drivers installed. Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.2-301.fc23.x86_64 type: libreport
Description of problem: I added an hos usb device but selinux is denying access. Version-Release number of selected component: selinux-policy-3.13.1-158.9.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.3-300.fc23.x86_64 type: libreport
Description of problem: start a virtual machine (Win 7) get this message. from SELinux I guess accessing USB ports should be an issue Version-Release number of selected component: selinux-policy-3.13.1-158.9.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.5-300.fc23.x86_64 type: libreport
Description of problem: everytime the virtual machine is started, even the policy has been executed many times... Version-Release number of selected component: selinux-policy-3.13.1-158.14.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.6-301.fc23.x86_64 type: libreport
*** Bug 1330809 has been marked as a duplicate of this bug. ***
Description of problem: try to add a usb device with virt-manager Version-Release number of selected component: selinux-policy-3.13.1-158.14.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.8-300.fc23.x86_64 type: libreport
Description of problem: I started a Fedora 24 virtual guest with activated VirGL 3D support after updating to selinux-policy-3.13.1-191.13.fc24 and fully relabelling the file system. Version-Release number of selected component: selinux-policy-3.13.1-191.13.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.7-300.fc24.x86_64 type: libreport
Description of problem: Assigning USB device to a VM Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.6-300.fc24.x86_64 type: libreport
(In reply to Rubén Lledó from comment #5) > Description of problem: > First, I've got a Logitech C310 webcam, which works on a Linux host > flawlessly. Next, I "plug" it into my Windows 10 virtual machine by adding a > new USB host device, vía virt-manager GUI. When I start the virtual machine, > with the command "sudo virsh start win10", this error pops up. Windows 10 > doesn't detect my webcam, even with the official drivers installed. > > > Additional info: > reporter: libreport-2.6.4 > hashmarkername: setroubleshoot > kernel: 4.4.2-301.fc23.x86_64 > type: libreport As long as I'm concerned, It's was solved after upgrading to Fedora 25
(In reply to Rubén Lledó from comment #13) > (In reply to Rubén Lledó from comment #5) > > Description of problem: > > First, I've got a Logitech C310 webcam, which works on a Linux host > > flawlessly. Next, I "plug" it into my Windows 10 virtual machine by adding a > > new USB host device, vía virt-manager GUI. When I start the virtual machine, > > with the command "sudo virsh start win10", this error pops up. Windows 10 > > doesn't detect my webcam, even with the official drivers installed. > > > > > > Additional info: > > reporter: libreport-2.6.4 > > hashmarkername: setroubleshoot > > kernel: 4.4.2-301.fc23.x86_64 > > type: libreport > > As long as I'm concerned, It's was solved after upgrading to Fedora 25 Fedora 24
(In reply to Rubén Lledó from comment #14) > (In reply to Rubén Lledó from comment #13) > > (In reply to Rubén Lledó from comment #5) > > > Description of problem: > > > First, I've got a Logitech C310 webcam, which works on a Linux host > > > flawlessly. Next, I "plug" it into my Windows 10 virtual machine by adding a > > > new USB host device, vía virt-manager GUI. When I start the virtual machine, > > > with the command "sudo virsh start win10", this error pops up. Windows 10 > > > doesn't detect my webcam, even with the official drivers installed. > > > > > > > > > Additional info: > > > reporter: libreport-2.6.4 > > > hashmarkername: setroubleshoot > > > kernel: 4.4.2-301.fc23.x86_64 > > > type: libreport > > > > As long as I'm concerned, It's was solved after upgrading to Fedora 25 > > Fedora 24 Using Fedora 24 and the bug is still around. It's more similar to the following bug which was closed as a duplicate of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=1330809 SELinux is preventing qemu-system-x86 from read access on the file +usb:2-1:1.0. Additional Information: Source Context system_u:system_r:svirt_t:s0:c334,c860 Target Context system_u:object_r:udev_var_run_t:s0 Target Objects +usb:2-1:1.0 [ file ] Source qemu-system-x86 Source Path qemu-system-x86 Port <Unknown> Host localhost.localdomain Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-191.14.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 4.7.2-201.fc24.x86_64 #1 SMP Fri Aug 26 15:58:40 UTC 2016 x86_64 x86_64 Alert Count 14 First Seen 2016-09-11 08:45:29 CEST Last Seen 2016-09-11 08:45:29 CEST Local ID d5b309c6-7dec-45e4-8acf-25d90d1b1de8 Raw Audit Messages type=AVC msg=audit(1473576329.938:1227): avc: denied { read } for pid=19292 comm="qemu-system-x86" name="+usb:2-1:1.0" dev="tmpfs" ino=17706 scontext=system_u:system_r:svirt_t:s0:c334,c860 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0
selinux-policy-3.13.1-158.24.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f739cc7524
selinux-policy-3.13.1-158.24.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f739cc7524
selinux-policy-3.13.1-158.24.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.