Okay, it seems weird just keeps getting weirder.
Double-clicking on the VM and then running the VM works fine. But
hitting the power-on button from the main virt-manager screen results in
a SELinux violation.
I will never understand the idiosyncrasies of SELinux.
On 5/7/20 5:41 PM, Sreyan Chakravarty wrote:
I have a file for a Windows 10 VM in my home folder under a folder
called virt-manager:
/home/sreyan/virt-manager/Windows 10-disk001.qcow2
When I try to switch on the VM from virt-manager it fails with:
SELinux is preventing worker from read access on the file
/home/sreyan/virt-manager/Windows 10-disk001.qcow2.
***** Plugin qemu_file_image (91.4 confidence) suggests
*******************
If Windows 10-disk001.qcow2 is a virtualization target
Then you need to change the label on Windows 10-disk001.qcow2'
Do
# semanage fcontext -a -t virt_image_t
'/home/sreyan/virt-manager/Windows.10-disk001.qcow2'
# restorecon -v '/home/sreyan/virt-manager/Windows.10-disk001.qcow2'
***** Plugin catchall (9.59 confidence) suggests
**************************
If you believe that worker should be allowed read access on the
Windows 10-disk001.qcow2 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'worker' --raw | audit2allow -M my-worker
# semodule -X 300 -i my-worker.pp
Additional Information:
Source Context unconfined_u:unconfined_r:svirt_t:s0:c239,c999
Target Context system_u:object_r:svirt_image_t:s0:c276,c718
Target Objects /home/sreyan/virt-manager/Windows
10-disk001.qcow2
[ file ]
Source worker
Source Path worker
Port <Unknown>
Host localhost.HPNotebook
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-3.14.4-50.fc31.noarch
Local Policy RPM selinux-policy-targeted-3.14.4-50.fc31.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost.HPNotebook
Platform Linux localhost.HPNotebook
5.5.15-200.fc31.x86_64
#1 SMP Thu Apr 2 19:16:17 UTC 2020
x86_64 x86_64
Alert Count 3
First Seen 2020-05-07 17:34:50 IST
Last Seen 2020-05-07 17:34:50 IST
Local ID 74764396-5a32-4477-9eea-5e643d89c270
Raw Audit Messages
type=AVC msg=audit(1588853090.475:1605): avc: denied { read } for
pid=29914 comm="worker"
path=2F686F6D652F73726579616E2F766972742D6D616E616765722F57696E646F77732031302D6469736B3030312E71636F7732
dev="dm-2" ino=6684679
scontext=unconfined_u:unconfined_r:svirt_t:s0:c239,c999
tcontext=system_u:object_r:svirt_image_t:s0:c276,c718 tclass=file
permissive=0
Hash: worker,svirt_t,svirt_image_t,file,read
Should I just BLINDLY run the commands specified ? I don't want to be
making exceptions that I don't understand fully.
Now what is strange is that it was working fine 2 days back. During
that time I have not done any changes. No updates or whatever.
So why is this happening all of the sudden?
And why the hell is SELinux blocking a file in my /home ? It should be
totally safe, why would anyone think this is suspicious ?
--
Regards,
Sreyan
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx