- Bug
- Resolution: Unresolved
- Major
- rhel-10.1
- selinux-policy-42.1.5-1.el10
- No
- Moderate
- 1
- rhel-security-selinux
- 25
- 1
- QE ack
- False
- False
- No
- SELINUX 250827: 11
- Pass
- Automated
- Release Note Not Required
- Unspecified
- Unspecified
- Unspecified
- None
What were you trying to do that didn't work?
As subject
What is the impact of this issue to you?
AVC denials
Please provide the package NVR for which the bug is seen:
libvirt-11.5.0-1.el10.x86_64
selinux-policy-40.13.35-1.el10.noarch
virt-install-5.0.0-1.el10.noarch
How reproducible is this bug?
100%
Steps to reproduce
- Prepare a domain with nvram. For example:
virt-install --import --boot uefi -n test --disk /var/lib/libvirt/images/test.qcow2 --osinfo detect=on,require=off -r 4096
virsh destroy test
- Clone the VM
virt-clone -o test -n test1 --auto-clone
Allocating 'test1.qcow2'
Allocating 'test1_VARS.fd'
Clone 'test1' created successfully.
The AVC denials in cloning:
type=AVC msg=audit(1752811278.985:12625): avc: denied { write } for pid=1645349 comm="rpc-virtstorage" name="nvram" dev="dm-0" ino=203603940 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:qemu_var_run_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1752811278.985:12625): avc: denied { add_name } for pid=1645349 comm="rpc-virtstorage" name="test1_VARS.fd" scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:qemu_var_run_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1752811278.985:12625): avc: denied { create } for pid=1645349 comm="rpc-virtstorage" name="test1_VARS.fd" scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:qemu_var_run_t:s0 tclass=file permissive=1
type=AVC msg=audit(1752811278.985:12625): avc: denied { write } for pid=1645349 comm="rpc-virtstorage" path="/var/lib/libvirt/qemu/nvram/test1_VARS.fd" dev="dm-0" ino=203413165 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:qemu_var_run_t:s0 tclass=file permissive=1
Expected results
No denials
Actual results
As above
- links to RHBA-2025:147963 selinux-policy bug fix and enhancement update
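A triage aid for the denials listed in this report, added here as an example (it is not part of the original report or of any Red Hat tooling): it parses the four AVC records and groups them by source type, target type and object class, and records whether any denial was actually enforced. The function names `parse_avc` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# The four AVC records from the report above, embedded as sample input.
SAMPLE = """\
type=AVC msg=audit(1752811278.985:12625): avc: denied { write } for pid=1645349 comm="rpc-virtstorage" name="nvram" dev="dm-0" ino=203603940 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:qemu_var_run_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1752811278.985:12625): avc: denied { add_name } for pid=1645349 comm="rpc-virtstorage" name="test1_VARS.fd" scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:qemu_var_run_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1752811278.985:12625): avc: denied { create } for pid=1645349 comm="rpc-virtstorage" name="test1_VARS.fd" scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:qemu_var_run_t:s0 tclass=file permissive=1
type=AVC msg=audit(1752811278.985:12625): avc: denied { write } for pid=1645349 comm="rpc-virtstorage" path="/var/lib/libvirt/qemu/nvram/test1_VARS.fd" dev="dm-0" ino=203413165 scontext=system_u:system_r:virtstoraged_t:s0 tcontext=system_u:object_r:qemu_var_run_t:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(
    r'msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+(?P<result>denied|granted)\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not an AVC."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m['fields'])}
    rec.update(perms=m['perms'].split(), result=m['result'], event=m['serial'])
    # SELinux contexts are user:role:type:level; the type is the third field.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec

def summarize(text):
    """Group denials by (source type, target type, object class)."""
    summary = defaultdict(lambda: {'perms': set(), 'objects': set(), 'enforced': False})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec['result'] != 'denied':
            continue
        entry = summary[(rec['stype'], rec['ttype'], rec['tclass'])]
        entry['perms'].update(rec['perms'])
        entry['objects'].add(rec.get('path') or rec.get('name'))
        # permissive=1 means the access was logged but not blocked.
        entry['enforced'] |= (rec.get('permissive') == '0')
    return dict(summary)

if __name__ == '__main__':
    for (stype, ttype, tclass), e in sorted(summarize(SAMPLE).items()):
        mode = 'enforced' if e['enforced'] else 'permissive only'
        print(f"{stype} -> {ttype}:{tclass} {{ {' '.join(sorted(e['perms']))} }} [{mode}]")
```

Run on the report's records, this reduces the four lines to two access vectors, both from `virtstoraged_t` against `qemu_var_run_t`, and shows that every record carries `permissive=1`.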