
[rhel10] avc denied on virtqemud when libvirt uses sanlock

    • sst_security_selinux
    • ssg_security

      What were you trying to do that didn't work?

      As subject

      Please provide the package NVR for which the bug is seen:

      libvirt-10.4.0-1.el10.x86_64
      qemu-kvm-9.0.0-2.el10.x86_64
      sanlock-3.9.0-2.el10+4.x86_64
      selinux-policy-40.13.3-1.el10.noarch

      How reproducible:

      100%

      Steps to reproduce

      Do as the workaround of https://issues.redhat.com/browse/RHEL-44350

      Configure libvirt as described in https://libvirt.org/kbase/locking-sanlock.html and start a domain

      Error when starting the domain:

      error: internal error: Process exited prior to exec: libvirt: Lock Driver error : Unable to query sector size /var/lib/libvirt/sanlock/09d5ccce60db36a1db0ecddc08f380ee: Connection refused(exit status: 1)


      Set SELinux to permissive and restart the domain; there are then 2 AVC denied messages in the audit log:

      type=AVC msg=audit(1718964317.317:19438): avc:  denied  { write } for  pid=180681 comm="daemon-init" name="sanlock.sock" dev="tmpfs" ino=16749 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:sanlock_var_run_t:s0 tclass=sock_file permissive=1
      type=AVC msg=audit(1718964317.317:19438): avc:  denied  { connectto } for  pid=180681 comm="daemon-init" path="/run/sanlock/sanlock.sock" scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1

      Expected results

      No avc denied

      Actual results

      as above

      It blocks https://issues.redhat.com/browse/LIBVIRT-1138
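The two AVC records above name exactly the accesses that the policy has to grant before virtqemud can reach sanlock. The following Python helper is an added example, not code from libvirt, sanlock or selinux-policy: it parses such records into the TE allow rules they imply and into setools sesearch queries for checking whether an installed policy already permits each access; its only input is the issue's own two audit lines.

```python
# Added helper (not libvirt's or selinux-policy's code): turn the AVC records
# quoted in this issue into the TE allow rules they imply, plus sesearch
# commands (setools) to check whether the running policy already permits them.
import re

# Constructed sample input: the two AVC records copied from the bug description.
AVC_LOG = """\
type=AVC msg=audit(1718964317.317:19438): avc:  denied  { write } for  pid=180681 comm="daemon-init" name="sanlock.sock" dev="tmpfs" ino=16749 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:sanlock_var_run_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(1718964317.317:19438): avc:  denied  { connectto } for  pid=180681 comm="daemon-init" path="/run/sanlock/sanlock.sock" scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1
"""

_AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def _type(context):
    # A context is user:role:type[:range]; the type is always the third field,
    # so the MLS range on sanlock_t (s0-s0:c0.c1023) is dropped cleanly.
    return context.split(":")[2]

def parse_avc(text):
    """One dict per denied AVC record: source/target type, class and permissions."""
    records = []
    for line in text.splitlines():
        m = _AVC_RE.search(line)
        if not m or m.group("result") != "denied":
            continue
        records.append({
            "source": _type(m.group("scontext")),
            "target": _type(m.group("tcontext")),
            "tclass": m.group("tclass"),
            "perms": set(m.group("perms").split()),
        })
    return records

def allow_rules(records):
    """Merge records into TE allow rules, one per (source, target, class) triple."""
    merged = {}
    for r in records:
        merged.setdefault((r["source"], r["target"], r["tclass"]), set()).update(r["perms"])
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(merged.items())]

def sesearch_commands(records):
    """setools sesearch invocations that show whether each access is already allowed."""
    return [f"sesearch --allow -s {r['source']} -t {r['target']} -c {r['tclass']} -p {p}"
            for r in records for p in sorted(r["perms"])]

if __name__ == "__main__":
    recs = parse_avc(AVC_LOG)
    print("\n".join(allow_rules(recs) + sesearch_commands(recs)))
```

An empty sesearch result for a rule confirms the installed policy still lacks it, which is the fix this issue asks for in selinux-policy rather than a local module on every host.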


            rhn-support-zpytela Zdenek Pytela
            hanhansolo Han Han
            SSG Security QE