What were you trying to do that didn't work?

Start a VM with a vsock device as non-root user.

Please provide the package NVR for which bug is seen:

libvirt-8.0.0-23.module+el8.10.0+21023+5962ee04.s390x

How reproducible:

100%

Steps to reproduce

1. confirm vsock is loaded

   # lsmod|grep vsock
   vhost_vsock            24576  0
   vmw_vsock_virtio_transport_common    32768  1 vhost_vsock
   vhost                  57344  1 vhost_vsock
   vsock                  49152  2 vmw_vsock_virtio_transport_common,vhost_vsock
   

1. useradd tester, passwd tester, ssh tester@localhost
2. tester# virsh define vm.xml with vsock device

       <vsock model="virtio">
         <cid auto="yes"/>
       </vsock>
   

1. tester# virsh start vm

Expected results

The VM starts

Actual results

error: Failed to start domain 'vm_test_unpr3ap'
error: unsupported configuration: unable to open vhost-vsock device

On RHEL 9.4 it didn't reproduce, so I compared the access controls of vsock devices. After setting them up as on RHEL 9.4 the VM starts.

rhel8.10#ls -altZ /dev|grep vsock
crw-------.  1 root root system_u:object_r:vhost_device_t:s0         10, 241 Dec 19 11:29 vhost-vsock
crw-------.  1 root root system_u:object_r:vsock_device_t:s0         10,  57 Dec 19 11:29 vsock

rhel9.4# ls -altZ /dev|grep vsock
crw-rw-rw-.  1 root kvm  system_u:object_r:vhost_device_t:s0         10, 241 Dec 12 09:38 vhost-vsock
crw-rw-rw-.  1 root root system_u:object_r:vsock_device_t:s0         10, 116 Dec 12 09:38 vsock

Note

Found by virtual_network.connectivity_check.bridge_interface.unprivileged.default