Hi,
I want to set up a Vagrant box
(https://www.mediawiki.org/wiki/MediaWiki-Vagrant) under
Fedora 23 with vagrant-libvirt. Usually, this means cloning
the Git repository to somewhere in my home directory and
running "vagrant up". This produces the VM configuration
("virsh dumpxml"):
| […]
| <filesystem type='mount' accessmode='passthrough'>
|   <driver type='path' wrpolicy='immediate'/>
|   <source dir='/home/tim/src/mediawiki-vagrant/libvirt-test'/>
|   <target dir='vagrant-root'/>
|   <alias name='fs0'/>
|   <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
| </filesystem>
| <filesystem type='mount' accessmode='passthrough'>
|   <driver type='path' wrpolicy='immediate'/>
|   <source dir='/home/tim/src/mediawiki-vagrant/libvirt-test/logs'/>
|   <target dir='vagrant-logs'/>
|   <alias name='fs1'/>
|   <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
| </filesystem>
| […]
If the guest VM tries to read that with 9p, audit.log shows:
| type=AVC msg=audit(1447019352.577:960): avc: denied { read } for pid=16166 comm="pool" name="libvirt-test" dev="dm-4" ino=11956343 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
| type=AVC msg=audit(1447019352.588:961): avc: denied { read } for pid=16166 comm="pool" name="logs" dev="dm-4" ino=11956472 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
| type=AVC msg=audit(1447019352.651:962): avc: denied { read } for pid=16166 comm="pool" name="libvirt-test" dev="dm-4" ino=11956343 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
| type=AVC msg=audit(1447019352.657:963): avc: denied { read } for pid=16166 comm="pool" name="logs" dev="dm-4" ino=11956472 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
(If reading succeeded, it would likely fail a short time
later on writing.)
Is there an existing solution for sharing a directory with a
guest VM, e.g. perhaps a file context for such directories?
Tim
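
Added example (not part of the original message): a small Python parser for the AVC records quoted above that groups them by source type, target type and object class, showing that the four denials reduce to one missing permission on two directories. The function names are illustrative; the sample lines are the records from the message, one per line.

```python
import re
from collections import defaultdict

# The four denials from the message, rejoined onto one line each.
SAMPLE = """\
type=AVC msg=audit(1447019352.577:960): avc: denied { read } for pid=16166 comm="pool" name="libvirt-test" dev="dm-4" ino=11956343 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1447019352.588:961): avc: denied { read } for pid=16166 comm="pool" name="logs" dev="dm-4" ino=11956472 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1447019352.651:962): avc: denied { read } for pid=16166 comm="pool" name="libvirt-test" dev="dm-4" ino=11956343 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1447019352.657:963): avc: denied { read } for pid=16166 comm="pool" name="logs" dev="dm-4" ino=11956472 scontext=system_u:system_r:svirt_tcg_t:s0:c325,c639 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    return rec


def context_type(ctx):
    """Extract the type from user:role:type:level[:categories]."""
    return ctx.split(':')[2]


def summarise(text):
    """Group denials by (source type, target type, class)."""
    rules = defaultdict(lambda: {'perms': set(), 'names': set(), 'count': 0})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (context_type(rec['scontext']), context_type(rec['tcontext']), rec['tclass'])
        rules[key]['perms'].update(rec['perms'])
        rules[key]['names'].add(rec['name'])
        rules[key]['count'] += 1
    return dict(rules)


if __name__ == '__main__':
    for (src, tgt, cls), info in summarise(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} {sorted(info['perms'])} "
              f"x{info['count']} on {sorted(info['names'])}")
```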