The following was filed automatically by setroubleshoot: Summary: SELinux is preventing libvirtd "write" access on libvirt. Detailed Description: [libvirtd has a permissive type (virtd_t). This access was not denied.] SELinux denied access requested by libvirtd. It is not expected that this access is required by libvirtd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context unconfined_u:system_r:virtd_t:s0-s0:c0.c1023 Target Context system_u:object_r:svirt_cache_t:s0 Target Objects libvirt [ dir ] Source libvirtd Source Path /usr/sbin/libvirtd Port <Unknown> Host (removed) Source RPM Packages libvirt-0.7.1-0.1.git3ef2e05.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.30-4.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31-0.204.rc9.fc12.x86_64 #1 SMP Sat Sep 5 20:45:55 EDT 2009 x86_64 x86_64 Alert Count 3 First Seen Wed 09 Sep 2009 04:49:26 PM EDT Last Seen Wed 09 Sep 2009 04:49:26 PM EDT Local ID 5e755ba1-99e0-498b-aa38-456b426feaed Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1252529366.793:84): avc: denied { write } for pid=3424 comm="libvirtd" name="libvirt" dev=sda5 ino=163745 scontext=unconfined_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:svirt_cache_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1252529366.793:84): avc: denied { add_name } for pid=3424 comm="libvirtd" name="qemu" scontext=unconfined_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:svirt_cache_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1252529366.793:84): avc: denied { create } for pid=3424 comm="libvirtd" name="qemu" scontext=unconfined_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:svirt_cache_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1252529366.793:84): arch=c000003e syscall=83 success=yes exit=0 a0=1444130 a1=1ff a2=0 a3=7fff1125a430 items=0 ppid=1 pid=3424 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="libvirtd" exe="/usr/sbin/libvirtd" subj=unconfined_u:system_r:virtd_t:s0-s0:c0.c1023 key=(null) audit2allow suggests: #============= virtd_t ============== allow virtd_t svirt_cache_t:dir { write create add_name };
Fixed in selinux-policy-3.6.31-4.fc12.noarch