We have been seeing this in dmesg since upgrading our systems to fedora 24.
Unable to fix SELinux security context of /run/mdadm/md127.sock: Permission denied
If you do a restorecon of course it does not stick across reboots. It also does not show up in an ausearch.
The following has just started occurring when we try and run a libvirt VM.
Error starting domain: SELinux policy denies access.
Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 88, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 124, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 83, in newfn ret = fn(self, *args, **kwargs) File "/usr/share/virt-manager/virtManager/domain.py", line 1404, in startup self._backend.create() File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1035, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: SELinux policy denies access.
We put the system in Permissive mode and VM will run but no AVC is logged. There are several seboleans that might fix this but we have never needed to use any before.
Hi David,
This issue is fixed in selinux-policy-3.13.1-191.13.fc24.noarch, rpm package will be pushed to fedora-updates repo soon. If you want install it right now, please download it from following webpage: http://koji.fedoraproject.org/koji/buildinfo?buildID=793828
Thanks, Lukas.
On 08/24/2016 04:36 AM, David Highley wrote:
We have been seeing this in dmesg since upgrading our systems to fedora 24.
Unable to fix SELinux security context of /run/mdadm/md127.sock: Permission denied
If you do a restorecon of course it does not stick across reboots. It also does not show up in an ausearch.
The following has just started occurring when we try and run a libvirt VM.
Error starting domain: SELinux policy denies access.
Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 88, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 124, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 83, in newfn ret = fn(self, *args, **kwargs) File "/usr/share/virt-manager/virtManager/domain.py", line 1404, in startup self._backend.create() File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1035, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: SELinux policy denies access.
We put the system in Permissive mode and VM will run but no AVC is logged. There are several seboleans that might fix this but we have never needed to use any before. -- selinux mailing list selinux@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
selinux@lists.fedoraproject.org