We have been seeing this in dmesg since upgrading our systems to fedora
24.
Unable to fix SELinux security context of /run/mdadm/md127.sock:
Permission denied
If you do a restorecon of course it does not stick across reboots. It
also does not show up in an ausearch.
The following has just started occurring when we try and run a libvirt
VM.
Error starting domain: SELinux policy denies access.
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 88, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 124, in tmpcb
callback(*args, **kwargs)
File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 83, in newfn
ret = fn(self, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/domain.py", line 1404, in startup
self._backend.create()
File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1035, in create
if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: SELinux policy denies access.
We put the system in Permissive mode and VM will run but no AVC is logged.
There are several seboleans that might fix this but we have never needed
to use any before.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
