Red Hat Bugzilla – Bug 867395
[selinux-policy] AVC when trying to start qemu-kvm domain (guest) on posix compliant file-system
Last modified: 2013-01-11 06:34:37 EST
This bug has been copied from bug #835936 and has been proposed
to be backported to 6.3 z-stream (EUS).
Fixed in selinux-policy-3.7.19-155.el6_3.6
On RHEL 6.3 hypervisor, we updated the selinux-policy and selinux-policy-targeted rpm and the enabled the sanlock_use_fusefs and virt_use_fusefs booleans. With selinux in enforcing mode, we were able to create VMs and migrate VMs. So moving this bug to verified.
[root@rhs-gp-srv2 ~]# getsebool -a | grep fusefs
samba_share_fusefs --> off
sanlock_use_fusefs --> on
use_fusefs_home_dirs --> off
virt_use_fusefs --> on
[root@rhs-gp-srv2 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
[root@rhs-gp-srv2 ~]# rpm -qa | grep -i selinux
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.