On Tue, 2017-11-21 at 13:04 -0800, Rick Stevens wrote:
On 11/21/2017 12:31 PM, Cole Robinson wrote:
> On 11/14/2017 05:31 PM, Patrick O'Callaghan wrote:
> > On trying to fire up a VM using virt-manager, I get "unable to map
> > backing store for guest RAM: Permission denied".
> >
> > I use hugepages to lock down memory for the VM, which may be relevant
> > for the error. This worked correctly on F26 just before the upgrade to
> > F27. I have changed nothing in my VM configuration, nor in the config
> > file for QEMU. However, temporarily turning off SElinux allows the
> > startup to proceed, after which I can re-enable SElinux with no ill
> > effects, i.e. the VM runs correctly.
> >
> > A complete relabel of my system (touch /.autolabel and reboot) has made
> > no difference.
> >
>
> If you're still hitting this, please file a libvirt bug and we can
> follow up from there, certainly sounds like something weird is going on
I doubt it's a file context issue so a relabel wouldn't help. It's more
of a kernel thing. It's probably controllable via one of the SELinux
virt_* booleans. An AVC denial message would sure help to sort it out.
See my reply to Cole. The BZ report has all the information I can find.
Other than refiling it against libvirtd rather than SElinux I don't
know what else I can do.
poc