Description of problem: SELinux consistently blocks qemu in virt-manager from running image, even after fixes applied multiple times. Version-Release number of selected component (if applicable): qemu-system-x86-0.10.6-5.fc11 selinux-policy-3.6.12-83.fc11 How reproducible: Start virtual machine. Watch hang on boot from virtual hard drive. Steps to Reproduce: 1. Open Virtual Machine Manager 0.7.0 2. Select VM to run 3. Run VM Actual results: VM hangs at "Booting from Hard Disk..." Multiple AVC errors occur Expected results: VM to run as installed Additional info: Fix command does not help. Summary: SELinux prevented qemu from using the terminal 1. Detailed Description: SELinux prevented qemu from using the terminal 1. In most cases daemons do not need to interact with the terminal, usually these avc messages can be ignored. All of the confined daemons should have dontaudit rules around using the terminal. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy. If you would like to allow all daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean. Allowing Access: Changing the "allow_daemons_use_tty" boolean to true will allow this access: "setsebool -P allow_daemons_use_tty=1." Fix Command: setsebool -P allow_daemons_use_tty=1 Additional Information: Source Context system_u:system_r:svirt_t:s0:c345,c533 Target Context system_u:object_r:devpts_t:s0:c345,c533 Target Objects 1 [ chr_file ] Source qemu Source Path /usr/bin/qemu Port <Unknown> Host Penna Source RPM Packages qemu-system-x86-0.10.6-5.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-83.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name allow_daemons_use_tty Host Name Penna Platform Linux Penna 2.6.30.8-64.fc11.x86_64 #1 SMP Fri Sep 25 04:43:32 EDT 2009 x86_64 x86_64 Alert Count 1 First Seen Fri 02 Oct 2009 08:01:02 PM EDT Last Seen Fri 02 Oct 2009 08:01:02 PM EDT Local ID da6b8af3-c995-42cc-82d1-d285acda3ea6 Line Numbers Raw Audit Messages node=Penna type=AVC msg=audit(1254528062.922:29667): avc: denied { setattr } for pid=3028 comm="qemu" name="1" dev=devpts ino=4 scontext=system_u:system_r:svirt_t:s0:c345,c533 tcontext=system_u:object_r:devpts_t:s0:c345,c533 tclass=chr_file node=Penna type=SYSCALL msg=audit(1254528062.922:29667): arch=c000003e syscall=92 success=yes exit=0 a0=7fffdb6969c0 a1=0 a2=5 a3=7fffdb6962b0 items=0 ppid=1 pid=3028 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="qemu" exe="/usr/bin/qemu" subj=system_u:system_r:svirt_t:s0:c345,c533 key=(null)
*** This bug has been marked as a duplicate of bug 527003 ***