Description of problem: libvirt-0.4.3 added support for NUMA and vCPU pinning in QEmu http://git.et.redhat.com/?p=libvirt.git;a=commit;h=6aaea11636ba5674d30c94b8ff8659736ca78248 running with SELinux enabled gives: avc: denied { getsched } for pid=6231 comm="libvirtd" scontext=unconfined_u:system_r:virtd_t:s0 tcontext=unconfined_u:system_r:virtd_t:s0 tclass=process avc: denied { setsched } for pid=6231 comm="libvirtd" scontext=unconfined_u:system_r:virtd_t:s0 tcontext=unconfined_u:system_r:qemu_t:s0 tclass=process Version-Release number of selected component (if applicable): libvirt-0.4.3-1 selinux-policy-targeted-3.3.1-64 How reproducible: always Steps to Reproduce: 1. setenforce 1 2. virsh start node3 (for example) 3. Actual results: libvir: QEMU error : internal error failed to set CPU affinity Permission denied error: Failed to start domain node3 Expected results: Domain node3 started Additional info:
Created attachment 309910 [details] Compled SELinux policy module for libvirt-0.4.3-1 audit2allow generated SELinux policy module: module libvirt043 1.0; require { type virtd_t; type qemu_t; class process { setsched getsched }; } #============= virtd_t ============== allow virtd_t qemu_t:process setsched; allow virtd_t self:process getsched; Attached is compiled module which you can install with: semodule -i libvirt043.pp
Fixed in selinux-policy-3.3.1-68.fc9.noarch
Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed.