User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Build Identifier: I am running Fedora 30 workstation with kernel 5.1.17-300. Specifically, when I start a Fedora 30 Server edition ISO (to begin the install process) I get multiple AVC denials: ---- time->Wed Jul 17 20:32:48 2019 type=AVC msg=audit(1563420768.801:350): avc: denied { add_name } for pid=8998 comm="qemu-sy:disk$0" name="ae0b92b46123df5af1d1306e9373c7423f3069.tmp" scontext=unconfined_u:unconfined_r:svirt_t:s0:c134,c240 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=dir permissive=0 ---- time->Wed Jul 17 20:32:48 2019 type=AVC msg=audit(1563420768.805:351): avc: denied { add_name } for pid=8998 comm="qemu-sy:disk$0" name="176e23b8de8b7a885d5c3545acb1691ca33fb4.tmp" scontext=unconfined_u:unconfined_r:svirt_t:s0:c134,c240 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=dir permissive=0 I am still able to continue on and install the Fedora Server VM, but every time I start the VM, the AVC denials pop up. I have many other installed VMs (RHEL 8, Windows 10, Fedora 30 XFCE spin, Ubuntu 18.04) and none of them cause AVC denials at all. Reproducible: Always Steps to Reproduce: 1. Download Fedora 30 Server edition ISO on Fedora 30 Workstation computer 2. Create new VM for Fedora 30 Server in Gnome Boxes 3. Start Fedora 30 Server VM in Gnome Boxes Actual Results: AVC denials occur once the new VM starts Expected Results: No AVC denials occur when starting Fedora 30 Server
FEDORA-2019-b156bd756a has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-b156bd756a
selinux-policy-3.14.3-41.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-b156bd756a
selinux-policy-3.14.3-41.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
I've upgraded my system to kernel 5.1.18-300.fc30.x86_64 The SELinux packages have also been upgraded as follows: selinux-policy-targeted-3.14.3-41.fc30.noarch python2-libselinux-2.9-1.fc30.x86_64 flatpak-selinux-1.4.2-2.fc30.x86_64 tpm2-abrmd-selinux-2.0.0-4.fc30.noarch selinux-policy-3.14.3-41.fc30.noarch libselinux-2.9-1.fc30.x86_64 python3-libselinux-2.9-1.fc30.x86_64 libselinux-utils-2.9-1.fc30.x86_64 rpm-plugin-selinux-4.14.2.1-4.fc30.1.x86_64 Boxes still throws AVC denials when starting a Fedora 30 Server edition ISO. ---- time->Mon Jul 22 19:43:15 2019 type=AVC msg=audit(1563849795.026:298): avc: denied { add_name } for pid=3240 comm="qemu-sy:disk$0" name="ae0b92b46123df5af1d1306e9373c7423f3069.tmp" scontext=unconfined_u:unconfined_r:svirt_t:s0:c989,c1001 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=dir permissive=0 ---- time->Mon Jul 22 19:43:15 2019 type=AVC msg=audit(1563849795.033:299): avc: denied { add_name } for pid=3240 comm="qemu-sy:disk$0" name="176e23b8de8b7a885d5c3545acb1691ca33fb4.tmp" scontext=unconfined_u:unconfined_r:svirt_t:s0:c989,c1001 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=dir permissive=0
I've upgraded my system to the latest kernel and SELinux packages. 5.1.20-300.fc30.x86_64 selinux-policy-targeted-3.14.3-42.fc30.noarch python2-libselinux-2.9-1.fc30.x86_64 tpm2-abrmd-selinux-2.0.0-4.fc30.noarch selinux-policy-3.14.3-42.fc30.noarch libselinux-2.9-1.fc30.x86_64 python3-libselinux-2.9-1.fc30.x86_64 libselinux-utils-2.9-1.fc30.x86_64 flatpak-selinux-1.4.2-3.fc30.x86_64 rpm-plugin-selinux-4.14.2.1-4.fc30.1.x86_64 With the latest update, I've successfully installed, and used, Fedora Server edition ISO in Boxes without any AVC denials popping up. This issue appears to be solved.