-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-10.0
-
No
-
None
-
rhel-sst-security-selinux
-
ssg_security
-
1
-
QE ack
-
False
-
-
None
-
None
-
-
None
-
None
-
None
What were you trying to do that didn't work?
AVC deined error when start vm with multiqueue virtio interface
What is the impact of this issue to you?
VM can start successfully, but there is avc denied error in audit log
Please provide the package NVR for which the bug is seen:
libvirt-10.8.0-3.el10.x86_64
qemu-kvm-9.1.0-3.el10.x86_64
selinux-policy-40.13.12-1.el10.noarch
How reproducible is this bug?:
100%
Steps to reproduce
1. Prepare a vm with multiqueue interface like:
# virsh dumpxml rhel --xpath //interface <interface type="network"> <mac address="52:54:00:ee:01:68"/> <source network="default"/> <model type="virtio"/> <driver queues="4"/> <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/> </interface>
2. start the vm, vm can start successfully, but there is avc deined error in audit log:
# ausearch -m avc ---- time->Wed Oct 30 23:04:49 2024 type=PROCTITLE msg=audit(1730343889.492:253): proctitle=2F7573722F7362696E2F7669727471656D7564002D2D74696D656F757400313230 type=SYSCALL msg=audit(1730343889.492:253): arch=c000003e syscall=16 success=yes exit=0 a0=19 a1=400454ca a2=7effff9ff000 a3=0 items=0 ppid=1 pid=3097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtqemud" exe="/usr/sbin/virtqemud" subj=system_u:system_r:virtqemud_t:s0 key=(null) type=AVC msg=audit(1730343889.492:253): avc: denied { relabelto } for pid=3097 comm="rpc-virtqemud" scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:system_r:virtqemud_t:s0 tclass=tun_socket permissive=1 type=AVC msg=audit(1730343889.492:253): avc: denied { relabelfrom } for pid=3097 comm="rpc-virtqemud" scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:system_r:virtqemud_t:s0 tclass=tun_socket permissive=1
Expected results
There should not be avc deined error when start vm with multiqueue interface