While creating SELinux policy rules for running swtpm with QEMU started by libvirt, I came across the following rules that are needed to start a QEMU VM with libvirt 4.4. If I recall correctly, something changed in 4.4 related to Unix sockets and the QEMU monitor. So, here are the needed rules:

allow svirt_t virtd_t:unix_stream_socket { read write getopt getattr accept };
allow svirt_tcg_t virtd_t:unix_stream_socket { read write getopt getattr accept };
commit 2db798fbe957b98580fd0ff5be65109aef5bf230 (HEAD -> rawhide, origin/rawhide, origin/HEAD)
Author: Lukas Vrabec <lvrabec>
Date:   Mon Oct 8 19:23:49 2018 +0200

    Allow virt_domain to read/write to virtd_t unix_stream socket because of new version of libvirt 4.4. BZ(1635803)
selinux-policy-3.14.2-37.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b1d8c6335d
selinux-policy-3.14.2-37.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-b1d8c6335d
selinux-policy-3.14.2-37.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.