Red Hat Bugzilla – Bug 990509
Current selinux policy prevents running a VM with volumes under /var/run/vdsm/storage
Last modified: 2014-04-07 19:19:50 EDT
Description of problem:
We would like to run VMs based on volumes placed under vdsm's own /var/run/vdsm directory, currently in parallel to the current trade-mark breaching /rhev/data-center location.
Version-Release number of selected component (if applicable):
How reproducible: 100%
What avcs are you getting?
I've removed this bug from the ovirt-3.3 tracker since it is strictly required for the "hosted engine" feature that is not part of 3.3.
(In reply to Daniel Walsh from comment #1)
> What avcs are you getting?
Elad, from QE, will send you the logs.
The error is a permission error, and with setenforce set to permissive the VM can start.
Created attachment 783972
audit logs + vdsm log
bc9f14a7929ce854f607473cffebee5c67842616 fixes the ability for svirt_t to read symlinks in /var/run
(In reply to Daniel Walsh from comment #5)
> bc9f14a7929ce854f607473cffebee5c67842616 fixes the ability for svirt_t to
> read symlinks in /var/run
On what official version can I check it?
It has been fixed in -70.fc19. You can test it using
build for now until a new update.
(In reply to Miroslav Grepl from comment #9)
> It has been fixed in -70.fc19. You can test it using
> build for now until a new update.
Can you push it also on fc18?
selinux-policy-3.12.1-71.fc19 has been submitted as an update for Fedora 19.
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-71.fc19'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
selinux-policy-3.12.1-71.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.