Bug
Resolution: Unresolved
Major
rhel-10.0.beta
What were you trying to do that didn't work?
As subject
Please provide the package NVR for which bug is seen:
libvirt-10.4.0-1.el10.x86_64
qemu-kvm-9.0.0-2.el10.x86_64
sanlock-3.9.0-2.el10+4.x86_64
selinux-policy-40.13.3-1.el10.noarch
How reproducible:
100%
Steps to reproduce
Apply the workaround from https://issues.redhat.com/browse/RHEL-44350
Set up libvirt as described in https://libvirt.org/kbase/locking-sanlock.html and start a domain
Error when starting the domain:
error: internal error: Process exited prior to exec: libvirt: Lock Driver error : Unable to query sector size /var/lib/libvirt/sanlock/09d5ccce60db36a1db0ecddc08f380ee: Connection refused(exit status: 1)
Set SELinux to permissive and restart the domain; there are then 2 AVC denial messages in the audit log:
type=AVC msg=audit(1718964317.317:19438): avc: denied { write } for pid=180681 comm="daemon-init" name="sanlock.sock" dev="tmpfs" ino=16749 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:sanlock_var_run_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(1718964317.317:19438): avc: denied { connectto } for pid=180681 comm="daemon-init" path="/run/sanlock/sanlock.sock" scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1
Expected results
No AVC denials
Actual results
As above
It blocks https://issues.redhat.com/browse/LIBVIRT-1138
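For triage, the two AVC records quoted in this report can be reduced to the access they describe. The following is an added example, not part of the original report or of libvirt/selinux-policy: the function names are hypothetical, and the `allow ...` lines it prints only summarize the denied access in type-enforcement notation; they are not a reviewed policy fix.

```python
import re
from collections import defaultdict

# The two AVC records from the report, copied verbatim.
AUDIT_LOG = '''\
type=AVC msg=audit(1718964317.317:19438): avc: denied { write } for pid=180681 comm="daemon-init" name="sanlock.sock" dev="tmpfs" ino=16749 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:sanlock_var_run_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(1718964317.317:19438): avc: denied { connectto } for pid=180681 comm="daemon-init" path="/run/sanlock/sanlock.sock" scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+'
    r'tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?')
COMM_RE = re.compile(r'comm="([^"]*)"')


def selinux_type(context):
    """Return the type field of user:role:type:level[:categories]."""
    return context.split(':')[2]


def parse_avc(line):
    """Parse one AVC denial record; return None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    comm = COMM_RE.search(line)
    return {
        'perms': m['perms'].split(),
        'source': selinux_type(m['scontext']),
        'target': selinux_type(m['tcontext']),
        'tclass': m['tclass'],
        'comm': comm.group(1) if comm else None,
        # permissive=1: the access was logged but not blocked
        'permissive': m['permissive'] == '1',
    }


def summarize(lines):
    """Group denials by (source, target, class) and render one line each."""
    grouped = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        grouped[(rec['source'], rec['target'], rec['tclass'])] |= set(rec['perms'])
    out = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        out.append(f'allow {src} {tgt}:{cls} {body};')
    return out


if __name__ == '__main__':
    print('\n'.join(summarize(AUDIT_LOG.splitlines())))
```

Both records share the same source domain, `virtqemud_t`, and differ only in the target: the socket file under `/run/sanlock` and the sanlock daemon's listening socket.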