Created attachment 525078 [details] screenshot of sealert Description of problem: SELinux is preventing /usr/bin/qemu-kvm from write access on the blk_file sr0. For complete SELinux messages. run sealert -l 0ebd25db-0a0a-4762-b0a0-80df675300cf sealert -l 0ebd25db-0a0a-4762-b0a0-80df675300cf SELinux is preventing /usr/bin/qemu-kvm from write access on the blk_file sr0. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that qemu-kvm should be allowed write access on the sr0 blk_file by default. Then you should report this as a bug. Version-Release number of selected component (if applicable): qemu-kvm-0.14.0-7.fc15 selinux-policy-targeted-3.9.16-26.fc15 From audit.log: type=AVC msg=audit(1317114972.590:4035): avc: denied { write } for pid=12144 comm="qemu-kvm" name="sr0" dev=devtmpfs ino=1199 scontext=system_u:system_r:svirt_t:s0:c723,c875 tcontext=system_u:object_r:virt_content_t:s0 tclass=blk_file How reproducible: always Steps to Reproduce: 1. Start VM with CD-ROM "disconnected" (qemu is accessing /dev/sr0 physical CD-ROM driver, CD is inserted). 2.When guest OS asks for CD insertion, click on "connect" in virt-manager CD-ROM tab Actual results: Permission denied error (see above). Expected results: This basic ioperation should be possible Additional info: Strace of qemu shows that it is requesting RW access on the CD-ROM drive although the device is configured as readonly device.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
This is fixed in Fedora 16 and later AIUI, but it needed some qemu cooperation which won't be backported, since F15 is end of life in a month. If you are still seeing this issue with a more recent Fedora, please reopen this report.