Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failure to start VM on CentOS 8 with console log enabled due to SELinux #56

Open
markgoddard opened this issue Jun 4, 2020 · 2 comments
Open

Failure to start VM on CentOS 8 with console log enabled due to SELinux #56

markgoddard opened this issue Jun 4, 2020 · 2 comments

Comments

@markgoddard
Copy link

The console log directory defaults to /var/log/libvirt-consoles/. On CentOS 8 with SELinux enabled this causes VMs to fail to start, since virtlogd can't access the log file.
@b1r63r
Copy link

b1r63r commented May 12, 2022

module my-virtlogd-07 1.0;

require {
type var_log_t;
type virtlogd_t;
class capability { dac_override dac_read_search };
class dir { add_name remove_name write };
class file { create open unlink };
}

#============= virtlogd_t ==============

#!!!! This avc is allowed in the current policy
allow virtlogd_t self:capability { dac_override dac_read_search };

#!!!! This avc is allowed in the current policy
allow virtlogd_t var_log_t:dir { add_name remove_name write };
allow virtlogd_t var_log_t:file unlink;

#!!!! This avc is allowed in the current policy
allow virtlogd_t var_log_t:file { create open };

@b1r63r
Copy link

b1r63r commented May 12, 2022
edited
Loading

this seems to fix it on my stream 8 test server, but may not be the correct fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@b1r63r @markgoddard