-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-9.6, rhel-10.0.beta
-
None
-
No
-
None
-
sst_security_selinux
-
ssg_security
-
1
-
False
-
-
None
-
None
-
None
-
None
-
None
What were you trying to do that didn't work?
As subject
What is the impact of this issue to you?
Seems only AVC denial msgs
Please provide the package NVR for which the bug is seen:
libvirt-10.9.0-1.el9.x86_64
qemu-kvm-9.1.0-1.el9.x86_64
swtpm-0.8.0-2.el9_4.x86_64
selinux-policy-40.13.5-1.el9.noarch
How reproducible is this bug?:
Not always. Around 80%
Steps to reproduce
- Prepare a win11 domain. Start it, sleep for 120s and destroy it
➜ ~ virsh start win11 && sleep 120 && virsh destroy win11 Domain 'win11' started Domain 'win11' destroyed
The AVC denials during the cmds:
type=AVC msg=audit(1730873508.501:2529): avc: denied { relabelto } for pid=45174 comm="prio-rpc-virtqe" name="tpm2" dev="dm-0" ino=3422609190 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:virt_var_lib_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1730873508.501:2530): avc: denied { relabelto } for pid=45174 comm="prio-rpc-virtqe" name="tpm2-00.permall" dev="dm-0" ino=3422627023 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:virt_var_lib_t:s0 tclass=file permissive=1 type=AVC msg=audit(1730873508.501:2531): avc: denied { relabelto } for pid=45174 comm="prio-rpc-virtqe" name="win11-swtpm.log" dev="dm-0" ino=202700284 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
Expected results
No AVC denials
Actual results
As above.
The domain XML: win11.xml