Description of problem:
When trying to use a block device as virtual disk (e.g.

    <disk type='block' device='disk'>
      <source dev='/dev/mapper/vg00-bench--os'/>
      <target dev='vda' bus='virtio'/>
    </disk>

), I get permission errors like

    type=1400 audit(1238755679.291:16): avc: denied { getattr } for pid=3318 comm="qemu-kvm" path="/dev/mapper/vg00-bench--os" dev=tmpfs ino=9246 scontext=system_u:system_r:qemu_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
    type=1400 audit(1238755679.291:17): avc: denied { read } for pid=3318 comm="qemu-kvm" name="vg00-bench--os" dev=tmpfs ino=9246 scontext=system_u:system_r:qemu_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Version-Release number of selected component (if applicable):
kvm-74-10.fc10.x86_64
libvirt-0.5.1-2.fc10.x86_64
selinux-policy-targeted-3.5.13-53.fc10.noarch

Additional info:

    # sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy version:                 23
    Policy from config file:        targeted

You must tell SELinux about qemu using this block device

    # semanage fcontext -a -t virt_image_t /dev/mapper/vg00-bench--os

udev should set this label on boot which should fix your problem. libvirt in rawhide will make this more automatic.
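
Added example (not part of the original report, and not code from libvirt or the SELinux tools): a small Python parser that reads the two AVC records quoted in the report and groups them by source type, target type and object class. It joins records on dev and ino, so the read denial, which carries only name=, is attributed to the full device path. The function names parse_avc and summarize are hypothetical.

```python
import re
from collections import defaultdict

# The two denials quoted in the report above, copied from the page.
AUDIT_LINES = [
    'type=1400 audit(1238755679.291:16): avc: denied { getattr } for pid=3318 comm="qemu-kvm" path="/dev/mapper/vg00-bench--os" dev=tmpfs ino=9246 scontext=system_u:system_r:qemu_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file',
    'type=1400 audit(1238755679.291:17): avc: denied { read } for pid=3318 comm="qemu-kvm" name="vg00-bench--os" dev=tmpfs ino=9246 scontext=system_u:system_r:qemu_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of fields for one AVC denial, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    # An SELinux context is user:role:type[:level]; the type is the third part.
    for key in ('scontext', 'tcontext'):
        parts = fields.get(key, '').split(':')
        if len(parts) < 3:
            return None
        fields[key[0] + 'type'] = parts[2]   # stores 'stype' and 'ttype'
    fields['perms'] = m.group('perms').split()
    return fields

def summarize(lines):
    """Map (source type, target type, class) -> denied perms and affected objects."""
    records = [r for r in map(parse_avc, lines) if r]
    # Some records carry only name=; recover the full path via (dev, ino).
    paths = {(r.get('dev'), r.get('ino')): r['path'] for r in records if 'path' in r}
    groups = defaultdict(lambda: {'perms': set(), 'objects': set()})
    for r in records:
        obj = paths.get((r.get('dev'), r.get('ino')), r.get('name', '?'))
        g = groups[(r['stype'], r['ttype'], r.get('tclass', '?'))]
        g['perms'].update(r['perms'])
        g['objects'].add(obj)
    return dict(groups)

if __name__ == '__main__':
    for (stype, ttype, tclass), g in summarize(AUDIT_LINES).items():
        print(f"{stype} -> {ttype}:{tclass} {sorted(g['perms'])} on {sorted(g['objects'])}")
```

The single group it reports shows that both denials come from qemu_t touching one fixed_disk_device_t block file, which is the object the reply relabels to virt_image_t.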