If using libvirt's qemu:///session, the libvirt daemon and all VMs are launched as the regular user, and the folder heirarchy typically in /var/lib/libvirt is stored under ~/.libvirt If using NFS homedirs, and enabling the virt_use_nfs boolean, VMs still fail to launch: bind(unix:/home/boston/crobinso/.libvirt/qemu/lib/livecd.monitor): Permission denied chardev: opening backend "socket" failed Audit messages: type=AVC msg=audit(1277924371.406:36254): avc: denied { create } for pid=11459 comm="qemu-kvm" name="livecd.monitor" scontext=system_u:system_r:svirt_t:s0:c217,c847 tcontext=system_u:object_r:nfs_t:s0:c217,c847 tclass=sock_file type=SYSCALL msg=audit(1277924371.406:36254): arch=c000003e syscall=49 success=no exit=-13 a0=3 a1=7fffb42ba6c0 a2=6e a3=712f747269766269 items=0 ppid=1 pid=11459 auid=10736 uid=10736 gid=10736 euid=10736 suid=10736 fsuid=10736 egid=10736 sgid=10736 fsgid=10736 tty=(none) ses=1 comm="qemu-kvm" exe="/usr/bin/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c217,c847 key=(null) virt_use_nfs should probably be ammended to allow socket creation.
I'm seeing this on F12, but it's probably also relevant for F13+
Add fs_manage_nfs_named_sockets(svirt_t) and fs_manage_cifs_named_sockets(svirt_t)
Fixed in selinux-policy-3.6.32-120.fc12
selinux-policy-3.6.32-120.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-120.fc12
selinux-policy-3.6.32-120.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-120.fc12
selinux-policy-3.6.32-120.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.