- Bug
- Resolution: Unresolved
- Normal
- rhel-10.0.beta
- Moderate
- sst_security_selinux
- ssg_security
What were you trying to do that didn't work?
There are AVC denied errors when creating logical volume by libvirt and attaching the lv to vm.
The functionality is not affected.
Please provide the package NVR for which bug is seen:
libvirt-10.4.0-1.el10.x86_64
selinux-policy-40.13.3-1.el10.noarch
How reproducible:
100%
Steps to reproduce
- Prepare a host with HBA card
- Set selinux to permissive mode
[root@dell-per730-58 ~]# setenforce 0
- Create vHBA device
[root@dell-per730-58 ~]# cat nodedev.xml
<device>
  <capability type="scsi_host">
    <capability type="fc_host">
      <wwnn>2001f4e9d4eb02c9</wwnn>
      <wwpn>1000000000000001</wwpn>
    </capability>
  </capability>
  <parent>scsi_host12</parent>
</device>
[root@dell-per730-58 ~]# virsh nodedev-create nodedev.xml
Node device scsi_host13 created from nodedev.xml
- Start vm
[root@dell-per730-58 ~]# virsh start avocado-vt-vm1
Domain 'avocado-vt-vm1' started
- Set selinux to enforcing mode
[root@dell-per730-58 ~]# setenforce 1
- Create a storage pool with type=logical, and create a lv
# virsh pool-define-as --name virt-test-pool --type logical --source-dev /dev/mapper/mpathb --target /dev/new-pool
# virsh pool-build virt-test-pool
# virsh vol-create-as --pool virt-test-pool imagefrommapper.qcow2 --capacity 1G --allocation 1G --format raw
- Attach the lv to vm
# cat disk_xml.xml
<disk type="volume" device="disk">
  <source pool="virt-test-pool" volume="imagefrommapper.qcow2" />
  <driver name="qemu" type="raw" />
  <target dev="vdb" bus="virtio" />
</disk>
# virsh attach-device avocado-vt-vm1 disk_xml.xml
Expected results
No AVC errors