stackhpc / ansible-role-libvirt-vm

This role configures and creates VMs on a KVM hypervisor.

Failure to start VM on CentOS 8 with console log enabled due to SELinux #56

Open markgoddard opened 4 years ago

markgoddard commented 4 years ago

The console log directory defaults to /var/log/libvirt-consoles/. On CentOS 8 with SELinux enabled this causes VMs to fail to start, since virtlogd can't access the log file.

b1r63r commented 2 years ago

```
module my-virtlogd-07 1.0;

require {
	type var_log_t;
	type virtlogd_t;
	class capability { dac_override dac_read_search };
	class dir { add_name remove_name write };
	class file { create open unlink };
}

#============= virtlogd_t ==============

#!!!! This avc is allowed in the current policy
allow virtlogd_t self:capability { dac_override dac_read_search };

#!!!! This avc is allowed in the current policy
allow virtlogd_t var_log_t:dir { add_name remove_name write };
allow virtlogd_t var_log_t:file unlink;

#!!!! This avc is allowed in the current policy
allow virtlogd_t var_log_t:file { create open };
```

b1r63r commented 2 years ago

This seems to fix it on my Stream 8 test server, but may not be the correct fix.
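How a module like the one posted above comes about, as an added example that is not part of the thread: this Python sketch groups AVC denials by source type, target type and class, roughly what audit2allow does, and lists the grants that land on the generic `var_log_t` label, which apply to every object carrying that label and not only to the console log directory. The log lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from the issue): virtlogd denied on a
# directory that carries the generic var_log_t label.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1600000000.101:501): avc:  denied  { write } for  pid=1201 comm="virtlogd" name="libvirt-consoles" dev="dm-0" ino=9001 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1600000000.102:502): avc:  denied  { add_name } for  pid=1201 comm="virtlogd" name="vm1-console.log" scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1600000000.103:503): avc:  denied  { create } for  pid=1201 comm="virtlogd" name="vm1-console.log" scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1600000000.104:504): avc:  denied  { dac_override } for  pid=1201 comm="virtlogd" capability=1  scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tclass=capability permissive=0
type=SYSCALL msg=audit(1600000000.104:504): arch=c000003e syscall=257 success=no exit=-13 comm="virtlogd"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def denials_to_rules(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if m:
            key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
            rules[key].update(m["perms"].split())
    return dict(rules)

def render_allow(rules):
    """Render the grouped denials as type-enforcement allow rules."""
    out = []
    for (src, tgt, tclass), perms in sorted(rules.items()):
        body = " ".join(sorted(perms))
        if len(perms) > 1:
            body = "{ " + body + " }"
        out.append(f"allow {src} {'self' if src == tgt else tgt}:{tclass} {body};")
    return out

def grants_on_generic_label(rules, generic=("var_log_t",)):
    """List rule keys whose target is a label shared by unrelated files."""
    return sorted(k for k in rules if k[1] in generic)

if __name__ == "__main__":
    parsed = denials_to_rules(SAMPLE_AUDIT_LOG)
    print("\n".join(render_allow(parsed)))
    print("review before loading:", grants_on_generic_label(parsed))
```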