Libvirt and SELinux issues with denials and 3D acceleration

Hello,

For general information I am running libvirt managed mainly through virt-manager on Fedora 37.

Even when just launching virt-manager, I get the following AVC denial:

SELinux is preventing systemd-gpt-aut from using the sys_admin capability.

When launching a VM I get this:

SELinux is preventing libvirt_leasesh from using the execmem access on a process.

or, when using 3D acceleration:

SELinux is preventing qemu-system-x86 from using the execmem access on a process.

Is it safe to “whitelist” these denials via the suggested booleans or do I have to set SELinux to permissive altogether?

If you need more info please ask.
Thank you!

Hello, most of the time each denial is a separate issue and needs to be dealt with on its own. E.g.:

https://bugzilla.redhat.com/show_bug.cgi?id=2083900

Switching to permissive mode is rather a last resort, and if you haven’t noticed any issue but the AVC denial report, it’s safer to look up some information rather than to straight away create a local policy or change the suggested boolean to allow what’s been blocked.
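
One way to act on the advice that each denial is a separate issue, as an added example that is not part of the thread: group raw AVC records by process, source domain, permission and class so each one can be looked up on its own. The log lines are constructed, and the SELinux contexts in them are assumptions.

```python
import re
from collections import defaultdict

# Constructed audit.log records: timestamps, pids and SELinux contexts are
# assumptions for illustration; only comm and permission come from the thread.
SAMPLE_LOG = """\
type=AVC msg=audit(1670000001.101:201): avc:  denied  { sys_admin } for  pid=811 comm="systemd-gpt-aut" capability=21  scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:systemd_gpt_generator_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1670000050.330:240): avc:  denied  { execmem } for  pid=1520 comm="libvirt_leasesh" scontext=system_u:system_r:virt_leaseshelper_t:s0 tcontext=system_u:system_r:virt_leaseshelper_t:s0 tclass=process permissive=0
type=SYSCALL msg=audit(1670000050.330:240): arch=c000003e syscall=9 success=no exit=-13 comm="libvirt_leasesh"
type=AVC msg=audit(1670000099.712:251): avc:  denied  { execmem } for  pid=1533 comm="libvirt_leasesh" scontext=system_u:system_r:virt_leaseshelper_t:s0 tcontext=system_u:system_r:virt_leaseshelper_t:s0 tclass=process permissive=0
type=AVC msg=audit(1670000120.005:260): avc:  denied  { execmem } for  pid=1610 comm="qemu-system-x86" scontext=system_u:system_r:svirt_t:s0:c12,c345 tcontext=system_u:system_r:svirt_t:s0:c12,c345 tclass=process permissive=0
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type:level context, or '?'."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else '?'

def parse_avc(line):
    """Parse one AVC denial record; return None for any other record type."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    return {
        'comm': fields.get('comm', '?'),
        'perms': tuple(m.group('perms').split()),
        'tclass': fields.get('tclass', '?'),
        'source_type': selinux_type(fields.get('scontext', '')),
        # permissive=0 means the access was really blocked, not just logged
        'blocked': fields.get('permissive') == '0',
    }

def triage(log_text):
    """Group denials by (comm, source type, permission, class)."""
    groups = defaultdict(lambda: {'count': 0, 'blocked': False})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec['perms']:
            key = (rec['comm'], rec['source_type'], perm, rec['tclass'])
            groups[key]['count'] += 1
            groups[key]['blocked'] |= rec['blocked']
    return dict(groups)

if __name__ == '__main__':
    for key, info in sorted(triage(SAMPLE_LOG).items()):
        print(key, info)
```

Each resulting key is one item to search for in the bug tracker before deciding on a boolean or local policy.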

SELinux is preventing libvirt_leasesh from using the execmem access on a process.

I had the same after upgrading to F37. That’s 2122918 – avc: denied { execmem } for comm="libvirt_leasesh"

I have the same problem. I fresh-installed the F37-i3 edition, and during the first upgrade I encountered this error:

SELinux is preventing systemd-gpt-aut from using the sys_admin capability.

I was also using F37-i3 (fresh-installed about a week ago) in a VM and never had this issue. I have also seen the bug report. I hope this bug gets fixed soon.

I am not sure, but maybe this GitHub bug might be related to this error.