Description of problem: It seems that when virt-manager creates a new disk image, selinux blocks it from setting the file owner. This error started happening when I made some extra storage for virtual machine images on a new hard drive. I figure rcp-virtstorage, should in fact be able to set ids, so I'm reporting this as a bug, and have made a local policy to allow it in the meantime. SELinux is preventing rpc-virtstorage from using the 'fsetid' capabilities. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that rpc-virtstorage should have the fsetid capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'rpc-virtstorage' --raw | audit2allow -M my-rpcvirtstorage # semodule -X 300 -i my-rpcvirtstorage.pp Additional Information: Source Context system_u:system_r:virtstoraged_t:s0 Target Context system_u:system_r:virtstoraged_t:s0 Target Objects Unknown [ capability ] Source rpc-virtstorage Source Path rpc-virtstorage Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-41.36-1.fc42.noarch Local Policy RPM selinux-policy-targeted-41.36-1.fc42.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.14.2-300.fc42.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Apr 10 21:50:55 UTC 2025 x86_64 Alert Count 1 First Seen 2025-04-18 11:00:50 EDT Last Seen 2025-04-18 11:00:50 EDT Local ID aea7a394-d428-4931-b672-380359829346 Raw Audit Messages type=AVC msg=audit(1744988450.23:416): avc: denied { fsetid } for pid=8412 comm="rpc-virtstorage" capability=4 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:system_r:virtstoraged_t:s0 tclass=capability permissive=1 Hash: rpc-virtstorage,virtstoraged_t,virtstoraged_t,capability,fsetid Version-Release number of selected component: selinux-policy-targeted-41.36-1.fc42.noarch Additional info: reporter: libreport-2.17.15 reason: SELinux is preventing rpc-virtstorage from using the 'fsetid' capabilities. package: selinux-policy-targeted-41.36-1.fc42.noarch component: selinux-policy hashmarkername: setroubleshoot type: libreport kernel: 6.14.2-300.fc42.x86_64 comment: It seems that when virt-manager creates a new disk image, selinux blocks it from setting the file owner. This error started happening when I made some extra storage for virtual machine images on a new hard drive. I figure rcp-virtstorage, should in fact be able to set ids, so I'm reporting this as a bug, and have made a local policy to allow it in the meantime. component: selinux-policy
Created attachment 2085763 [details] File: description
Created attachment 2085764 [details] File: os_info
FEDORA-2025-d1510e7fa1 (selinux-policy-41.39-1.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-d1510e7fa1
FEDORA-2025-d1510e7fa1 has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-d1510e7fa1` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-d1510e7fa1 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-d1510e7fa1 (selinux-policy-41.39-1.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.