1369954 – virt-manager fails to start any VM, SELinux policy denies access

Bug 1369954 - virt-manager fails to start any VM, SELinux policy denies access

Summary: virt-manager fails to start any VM, SELinux policy denies access

Keywords:
Status:	CLOSED DUPLICATE of bug 1368745
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	24
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-08-24 21:15 UTC by Chris Murphy
Modified:	2016-08-24 21:35 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-08-24 21:35:04 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
journal (8.87 KB, text/plain) 2016-08-24 21:16 UTC, Chris Murphy	no flags	Details
View All

Description Chris Murphy 2016-08-24 21:15:47 UTC

Description of problem:

VM's fail to boot in virt-manager which reports SELinux policy denies access.


Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-191.12.fc24.noarch
systemd-229-13.fc24.x86_64

How reproducible:
Always


Steps to Reproduce:
1. Start any VM.
2.
3.

Actual results:

SELinux policy denies access.

Expected results:

Should start VM.

Additional info:

System has had 'restorecon -rv' applied, the problem still happens.

System rebooted with enforcing=0  and the problem doesn't happen.

ausearch -m AVC doesn't show anything, but in the journal I see

Aug 24 13:40:49 f24m audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { start } for auid=n/a uid=0 gid=0 cmdline="/usr/lib/systemd/systemd-machined" scontext=system_u:system_r:systemd_machined_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=system
                                exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

So I suppose it could be a systemd bug as that too was recently updated.

Comment 1 Chris Murphy 2016-08-24 21:16:52 UTC

Created attachment 1193805 [details]
journal

portion of journal when VM is started, error received

Comment 2 Chris Murphy 2016-08-24 21:19:05 UTC

Aug 24 13:40:49 f24m virtlogd[3675]: Cannot open log file: '/var/log/libvirt/qemu/uefi2.log': Device or resource busy

Bogus, still says this after a reboot. It's not busy. ls -lZ shows the label on everything in that path is system_u:object_r:virt_log_t:s0

Comment 3 Chris Murphy 2016-08-24 21:35:04 UTC


*** This bug has been marked as a duplicate of bug 1368745 ***

Note You need to log in before you can comment on or make changes to this bug.