Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1969209

Summary: SELinux is preventing virtlogd from 'read, append' accesses on the file system.token
Product: Red Hat Enterprise Linux 9 Reporter: yalzhang <yalzhang>
Component: selinux-policyAssignee: Zdenek Pytela <zpytela>
Status: VERIFIED --- QA Contact: Milos Malik <mmalik>
Severity: urgent Docs Contact:
Priority: high    
Version: 9.0CC: berrange, dwalsh, dzheng, extras-qa, fjin, grepl.miroslav, hhan, jsuchane, juzhou, lcheng, lizhu, lmen, lvrabec, meili, mmalik, mprivozn, mxie, omosnace, plautrba, rjones, virt-maint, vmojzis, wshi, yafu, yanqzhan, yoguo, zpytela
Target Milestone: betaKeywords: Automation, Regression, TestBlocker, Triaged
Target Release: 9.0 Beta   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-34.1.9-1.el9 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 1966842 Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1966842, 1964317    
Bug Blocks: 910269    

Comment 1 yalzhang@redhat.com 2021-06-08 01:45:35 UTC 
Sorry to have so disordered description, I was updating it when I pressed a wrong key to submit it. Anyway the same issue as bug 1966842 happens on rhel 9 with below packages:
libvirt-7.4.0-1.el9.x86_64
selinux-policy-34.1.6-1.el9.noarch
Comment 2 Richard W.M. Jones 2021-06-08 09:22:44 UTC 
*** Bug 1969286 has been marked as a duplicate of this bug. ***
Comment 3 Zdenek Pytela 2021-06-09 16:37:17 UTC 
Note there is ongoing discussion in the parent bz#1964317.
Comment 5 Zdenek Pytela 2021-06-14 12:13:15 UTC 
Commit to backport:
commit 1f761d0bbdc08d21a91cdcbd1909ddb53858e354 (HEAD -> rawhide, upstream/rawhide)
Author: Zdenek Pytela <zpytela>
Date:   Fri Jun 11 22:39:47 2021 +0200

    Label /run/libvirt/common with virt_common_var_run_t
Comment 6 Richard W.M. Jones 2021-06-16 21:38:56 UTC 
FYI this prevents virt-v2v from running in RHEL 9:
https://dashboard.osci.redhat.com/#/artifact/brew-build/aid/37540386?focus=id:b29f0199d85e4508aad026ef8a34597c871e16a0cc8ad8a92eeae319efc186af