Issue
What were you trying to do that didn't work?
Encountered the following AVC issue when installing a KVM host with RHEL-9.5.0-20240427.14.
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33
selinux-policy-38.1.36-1.el9.noarch
----
time->Sat Apr 27 16:51:21 2024
type=PROCTITLE msg=audit(1714251081.973:1604): proctitle=2F7573722F6C6962657865632F71656D752D6B766D002D6E616D650067756573743D6F6E7461702D6E6F6465312C64656275672D746872656164733D6F6E002D53002D6F626A656374007B22716F6D2D74797065223A22736563726574222C226964223A226D61737465724B657930222C22666F726D6174223A22726177222C
type=SYSCALL msg=audit(1714251081.973:1604): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=563b3c117074 a2=0 a3=0 items=0 ppid=1 pid=32896 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c42,c482 key=(null)
type=AVC msg=audit(1714251081.973:1604): avc: denied { read } for pid=32896 comm="qemu-kvm" name="max_map_count" dev="proc" ino=110649 scontext=system_u:system_r:svirt_t:s0:c42,c482 tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=file permissive=0
----
time->Sat Apr 27 17:04:43 2024
type=PROCTITLE msg=audit(1714251883.898:1784): proctitle=2F7573722F6C6962657865632F71656D752D6B766D002D6E616D650067756573743D6F6E7461702D6E6F6465322C64656275672D746872656164733D6F6E002D53002D6F626A656374007B22716F6D2D74797065223A22736563726574222C226964223A226D61737465724B657930222C22666F726D6174223A22726177222C
type=SYSCALL msg=audit(1714251883.898:1784): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5589b0452074 a2=0 a3=0 items=0 ppid=1 pid=37327 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c189,c943 key=(null)
type=AVC msg=audit(1714251883.898:1784): avc: denied { read } for pid=37327 comm="qemu-kvm" name="max_map_count" dev="proc" ino=110649 scontext=system_u:system_r:svirt_t:s0:c189,c943 tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=file permissive=0
Please provide the package NVR for which bug is seen:
kernel: 5.14.0-443.el9
selinux-policy: 38.1.36-1.el9.noarch
How reproducible:
many times
Steps to reproduce
Install a KVM host with RHEL-9.5.0-20240427.14
Expected results
No AVC issue
Actual results
AVC deny
https://beaker.engineering.redhat.com/jobs/9217137
https://beaker-archive.host.prod.eng.bos.redhat.com/beaker-logs/2024/04/92171/9217137/16032729/177034157/826962864/avc.log
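
To triage the audit records quoted in this report, the sketch below groups the PROCTITLE, SYSCALL and AVC records by audit serial number, decodes the hex-encoded proctitle, and renders the denial as a type-enforcement rule in audit2allow style. It is an added example, not part of the original report or of any Red Hat tooling; the function names are hypothetical, and the sample is event 1604 from above with the proctitle cut after the `-S` argument and the SYSCALL record trimmed.

```python
import re
from collections import defaultdict

# Event 1604 from the report above. The proctitle hex is cut after "-S" and the
# SYSCALL record is trimmed to the fields used here.
SAMPLE = """\
type=PROCTITLE msg=audit(1714251081.973:1604): proctitle=2F7573722F6C6962657865632F71656D752D6B766D002D6E616D650067756573743D6F6E7461702D6E6F6465312C64656275672D746872656164733D6F6E002D53
type=SYSCALL msg=audit(1714251081.973:1604): arch=c000003e syscall=257 success=no exit=-13 pid=32896 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm"
type=AVC msg=audit(1714251081.973:1604): avc: denied { read } for pid=32896 comm="qemu-kvm" name="max_map_count" dev="proc" ino=110649 scontext=system_u:system_r:svirt_t:s0:c42,c482 tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=file permissive=0
"""

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"denied\s+\{([^}]*)\}")

def decode_proctitle(value):
    """auditd hex-encodes argv because it contains NUL separators; return the argument list."""
    if value.startswith('"'):  # a plain title is logged quoted instead of hex-encoded
        return [value.strip('"')]
    return bytes.fromhex(value).decode("utf-8", "replace").split("\x00")

def parse_events(text):
    """Group records by audit serial number; return one summary dict per AVC denial."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip the "----" and "time->" separators printed by ausearch
        rtype, _ts, serial, body = m.groups()
        fields = dict(FIELD.findall(body))
        if rtype == "PROCTITLE":
            events[serial]["argv"] = decode_proctitle(fields["proctitle"])
        elif rtype == "SYSCALL":
            # On x86_64 (arch=c000003e) syscall 257 is openat; exit -13 is EACCES.
            events[serial]["syscall"] = int(fields["syscall"])
            events[serial]["exit"] = int(fields["exit"])
        elif rtype == "AVC" and PERMS.search(body):
            events[serial]["perms"] = PERMS.search(body).group(1).split()
            for key in ("name", "scontext", "tcontext", "tclass"):
                events[serial][key] = fields[key].strip('"')
    return {s: e for s, e in events.items() if "perms" in e}

def suggested_rule(event):
    """Render the denial as a type-enforcement rule (type fields only, MCS categories dropped)."""
    src, tgt = event["scontext"].split(":")[2], event["tcontext"].split(":")[2]
    return f"allow {src} {tgt}:{event['tclass']} {{ {' '.join(event['perms'])} }};"
```

For the sample event this yields the argv `/usr/libexec/qemu-kvm -name guest=ontap-node1,debug-threads=on -S` and the rule `allow svirt_t sysctl_vm_t:file { read };`, which is the access a policy change would have to decide on.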