RHEL-71528

kvm-selftest creates AVC denial messages from SELinux


    • rhel-security-selinux
    • ssg_security
    • x86_64

      SELinux status:                 enabled
      SELinuxfs mount:                /sys/fs/selinux
      SELinux root directory:         /etc/selinux
      Loaded policy name:             targeted
      Current mode:                   permissive
      Mode from config file:          permissive
      Policy MLS status:              enabled
      Policy deny_unknown status:     allowed
      Memory protection checking:     actual (secure)
      Max kernel policy version:      33

      selinux-policy-40.13.16-1.el10.noarch

       

      time->Tue Dec 17 06:57:39 2024
      type=PROCTITLE msg=audit(1734418659.709:421): proctitle="/var/tmp/20241217065638-bin/guest_memfd_test"
      type=SYSCALL msg=audit(1734418659.709:421): arch=c000003e syscall=9 success=no exit=-19 a0=0 a1=1000 a2=3 a3=1 items=0 ppid=95313 pid=101674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="guest_memfd_tes" exe="/var/tmp/20241217065638-bin/guest_memfd_test" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
      type=AVC msg=audit(1734418659.709:421): avc:  denied  { read write } for  pid=101674 comm="guest_memfd_tes" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=201895 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unconfined_t:s0 tclass=anon_inode permissive=1
      type=AVC msg=audit(1734418659.709:421): avc:  denied  { map } for  pid=101674 comm="guest_memfd_tes" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=201895 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unconfined_t:s0 tclass=anon_inode permissive=1

       

      We run these tests in CKI with the latest build from kvm upstream. You can see the results in CKI's datawarehouse. I would appreciate some help with investigation here. Thank you.


              rhn-support-zpytela Zdenek Pytela
              hlynden@redhat.com Harvey James Lynden
              Zdenek Pytela Zdenek Pytela
              SSG Security QE SSG Security QE