Description of problem: With bug #2207940 we are introducing a new qemu-kvm feature that requires new selinux rules to work properly in enforcing mode. selinux denials are available at https://bugzilla.redhat.com/attachment.cgi?id=1967827 For instructions on how to get the test packages and the testing procedure please see bug #2207940
Tested 20230628 rebase from https://copr.fedorainfracloud.org/coprs/g/centos-automotive-sig/dui/builds/ on a clean CentOS Stream 9 system as root user and worked flawlessly without any selinux denial. selinux-policy-targeted-38.1.15-1.el9.noarch # cat run-script.sh #!/usr/bin/bash /usr/libexec/qemu-kvm \ --hda /var/lib/libvirt/images/centos.qcow2 \ -display dbus -device virtio-vga \ -cpu host -m 4G -smp 2 -enable-kvm \ --cdrom /var/lib/libvirt/images/CentOS-Stream-9-latest-x86_64-boot.iso # cat view.sh podman run -e DISPLAY \ -v /run/user/0/:/run/user/0/ \ -e XDG_RUNTIME_DIR=/run/user/0 --ipc host \ -e DBUS_SESSION_BUS_ADDRESS \ --mount "type=bind,$(echo "${DBUS_SESSION_BUS_ADDRESS}" | sed -e 's/unix:path=\(.\+\)/src=\1,dst=\1/')" \ --security-opt label=disable \ --privileged --rm -it \ quay.io/alesgar/libmks Perhaps we can close this BZ.
Closing as per comment #2