Created attachment 1192967 [details] update info.txt Description of problem: VM's can't be started neither form virt-manager gui nor from virsh because of selinux. The problem appeared after update and reboot (see attachments for update description). Version-Release number of selected component (if applicable): libvirt-daemon.x86_64 1.3.3.2-1.fc24 @updates selinux-policy.noarch 3.13.1-191.12.fc24 @updates selinux-policy-targeted.noarch 3.13.1-191.12.fc24 @updates systemd-container.x86_64 229-13.fc24 @updates virt-manager.noarch 1.4.0-3.fc24 @updates How reproducible: 100% Steps to Reproduce: 1. Make sure there is working vm in virt-manager 2. Start the vm in virt-manager Actual results: Error popup "Selinux policy denies access" with python stacktrace: Error starting domain: SELinux policy denies access. Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 88, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 124, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 83, in newfn ret = fn(self, *args, **kwargs) File "/usr/share/virt-manager/virtManager/domain.py", line 1404, in startup self._backend.create() File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1035, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: SELinux policy denies access. Expected results: VM started Additional info:
from /var/log/audit/audit.log: type=USER_AVC msg=audit(1471881821.995:560): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 cmdline="/usr/lib/systemd/systemd-machined" scontext=system_u:system_r:systemd_machined_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
*** Bug 1368959 has been marked as a duplicate of this bug. ***
Apparently, things broke after selinux-policy had been updated, libvirt was not updated at all.
Try turning off the dontaudit rules semodule -DB And try again. Then check the avc's to see if there is anything related to virt or qemu. Turn the dontaudit rules back on with: semodule -B
Duplicate of bug 1368745?
*** This bug has been marked as a duplicate of bug 1368745 ***