RHEL-141541

There is avc log "avc: denied" when running vduse test


    • No
    • Moderate
    • 1
    • rhel-security-selinux
    • 1
    • False
    • False
    • No
    • SELINUX 260311: 19
    • None
    • None
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      [root@dell-per760-22 ~]# uname -r
      6.12.0-124.21.1.el10_1.x86_64

      [root@dell-per760-22 ~]# rpm -qa|grep selinux-policy
      selinux-policy-42.1.7-1.el10.noarch
      selinux-policy-targeted-42.1.7-1.el10.noarch

      How reproducible is this bug?:

      Steps to reproduce

      1. setenforce 0
        systemctl restart openvswitch
        ovs-vsctl show
        ovs-vsctl --no-wait set Open_vSwitch . other_config:dpdk-init="true"
        ovs-vsctl --no-wait set Open_vSwitch . other_config:userspace-tso-enable="true"
        ovs-vsctl add-br br0 -- set bridge br0 datapath_type=netdev
        ovs-vsctl add-port br0 vduse0 -- set Interface vduse0 type=dpdkvhostuserclient options:vhost-server-path=/dev/vduse/vduse0
        ovs-vsctl add-port br0 vduse1 -- set Interface vduse1 type=dpdkvhostuserclient options:vhost-server-path=/dev/vduse/vduse1
        vdpa dev add name vduse0 mgmtdev vduse
        vdpa dev add name vduse1 mgmtdev vduse
        driverctl -b vdpa set-override vduse0 vhost_vdpa
        driverctl -b vdpa set-override vduse1 vhost_vdpa
        virsh net-destroy default
        virsh net-undefine default
        virsh net-define /usr/share/libvirt/networks/default.xml
        virsh net-start default
        virsh net-list
        ip a|grep virbr0
        wget -P /var/lib/libvirt/images/ {img_guest}

        cp /var/lib/libvirt/images/*.qcow2 /var/lib/libvirt/images/g1.qcow2
        cp /var/lib/libvirt/images/g1.qcow2 /var/lib/libvirt/images/g2.qcow2
        virsh define {g1_xml}
        virsh define {g2_xml}

        virsh start g1
        virsh start g2
        sleep 30

      Expected results

      No avc.log

      Actual results

      job:
      https://beaker.engineering.redhat.com/jobs/12183491
      avc log:
      https://beaker-archive.prod.engineering.redhat.com/beaker-logs/2026/01/121834/12183491/20430411/210142602/970294496/avc.log

      SELinux status:                 enabled
      SELinuxfs mount:                /sys/fs/selinux
      SELinux root directory:         /etc/selinux
      Loaded policy name:             targeted
      Current mode:                   permissive
      Mode from config file:          enforcing
      Policy MLS status:              enabled
      Policy deny_unknown status:     allowed
      Memory protection checking:     actual (secure)
      Max kernel policy version:      33
      selinux-policy-42.1.7-1.el10.noarch
      ----
      time->Wed Jan 14 23:27:53 2026
      type=PROCTITLE msg=audit(1768451273.646:317): proctitle=2F7573722F6C6962657865632F71656D752D6B766D002D6E616D650067756573743D67322C64656275672D746872656164733D6F6E002D53002D6F626A656374007B22716F6D2D74797065223A22736563726574222C226964223A226D61737465724B657930222C22666F726D6174223A22726177222C2266696C65223A222F
      type=SYSCALL msg=audit(1768451273.646:317): arch=c000003e syscall=9 success=no exit=-524 a0=0 a1=1000 a2=2 a3=1 items=0 ppid=1 pid=20266 auid=4294967295 uid=107 gid=983 euid=107 suid=107 fsuid=107 egid=983 sgid=983 fsgid=983 tty=(none) ses=4294967295 comm=43505520322F4B564D exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:virtqemud_t:s0 key=(null)
      type=AVC msg=audit(1768451273.646:317): avc:  denied  { map } for  pid=20266 comm=43505520322F4B564D path="/dev/vhost-vdpa-1" dev="devtmpfs" ino=1482 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:vhost_device_t:s0 tclass=chr_file permissive=1
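
Added example (not part of the original report and not Red Hat tooling): a small Python parser for the AVC record above that decodes the hex-encoded `comm` and `proctitle` values and derives the type-enforcement rule the denial corresponds to. The function names are hypothetical; the AVC record is copied from this report and the proctitle constant is only the first 36 bytes of the logged value.

```python
import re

# Fields the audit subsystem logs as untrusted strings: quoted when plain,
# bare uppercase hex when they contain spaces or other special bytes.
ENCODED_FIELDS = {"comm", "exe", "path", "name", "proctitle"}

# AVC record copied from this report.
AVC = ('type=AVC msg=audit(1768451273.646:317): avc:  denied  { map } for  '
       'pid=20266 comm=43505520322F4B564D path="/dev/vhost-vdpa-1" '
       'dev="devtmpfs" ino=1482 scontext=system_u:system_r:virtqemud_t:s0 '
       'tcontext=system_u:object_r:vhost_device_t:s0 tclass=chr_file permissive=1')
# First 36 bytes of the PROCTITLE value from the same audit event.
PROCTITLE = "2F7573722F6C6962657865632F71656D752D6B766D002D6E616D650067756573743D6732"


def decode_untrusted(value):
    """Decode a bare hex audit string; NUL argv separators become spaces."""
    if len(value) % 2 or not re.fullmatch(r"[0-9A-F]+", value):
        return value  # not hex-encoded, e.g. "(none)" or "(null)"
    return bytes.fromhex(value).replace(b"\0", b" ").decode("utf-8", "replace")


def parse_fields(record):
    """Return key=value fields; quoted values are literal, bare ones decoded."""
    fields = {}
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', record):
        if bare and key in ENCODED_FIELDS:
            bare = decode_untrusted(bare)
        fields[key] = quoted or bare
    return fields


def summarize_avc(record):
    """Extract what was denied and the allow rule the denial corresponds to."""
    f = parse_fields(record)
    perms = re.search(r"avc:\s+denied\s+\{([^}]*)\}", record).group(1).split()
    source = f["scontext"].split(":")[2]  # context is user:role:type:level
    target = f["tcontext"].split(":")[2]
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return {
        "comm": f["comm"], "path": f.get("path"), "perms": perms,
        "permissive": f.get("permissive") == "1",  # logged only, not blocked
        "rule": f"allow {source} {target}:{f['tclass']} {perm_str};",
    }


if __name__ == "__main__":
    print(summarize_avc(AVC))
    print(decode_untrusted(PROCTITLE))
```
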
      

              Unassigned
              Ting Li (tli@redhat.com)
              Zdenek Pytela
              SSG Security QE