On Sat, Jul 21, 2012 at 09:43:45PM +0100, Richard W.M. Jones wrote:
(3) SELinux/sVirt prevents qemu connecting to this socket. This one
is a pain. You'd think that if a socket is specified in the libvirt
XML then sVirt should allow access to it.
The AVCs are:
type=AVC msg=audit(1342903120.938:9403): avc: denied { write } for pid=21757
comm="qemu-kvm" name="guestfsd.sock" dev="dm-4" ino=939761
scontext=system_u:system_r:svirt_t:s0:c411,c865
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=sock_file
type=AVC msg=audit(1342903120.938:9403): avc: denied { connectto } for pid=21757
comm="qemu-kvm"
path="/home/rjones/d/libguestfs/libguestfsDDwHEF/guestfsd.sock"
scontext=system_u:system_r:svirt_t:s0:c411,c865
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
audit2allow suggests:
#============= svirt_t ==============
allow svirt_t unconfined_t:unix_stream_socket connectto;
allow svirt_t user_home_t:sock_file write;
I might be able to solve this by labelling the socket, but I'm not
clear what label to use. Also that won't work if the main process is
non-root but has permissions to access the global libvirtd - we'd
really need libvirtd to do the labelling.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/
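As an added example (not part of the mail above, and not libguestfs or libvirt code), the following Python parses AVC records like the two Richard quotes into structured form and summarises them the way audit2allow groups them: by source type, target type and object class. Seeing that summary alongside the object name or path makes it clear which side of each denial is a file label (the socket inherited user_home_t from the home directory) and which is the peer process's domain, which is the distinction that decides whether relabelling an object or changing policy is the appropriate response. The two sample records are the ones from the post, re-joined onto single lines; the helper names are my own and assume the standard `type=AVC msg=audit(...)` line layout.

```python
import re
from dataclasses import dataclass

# The two AVC records from the mailing-list post, re-joined onto one line each
# (the mail client had wrapped them).
SAMPLE_AVCS = [
    'type=AVC msg=audit(1342903120.938:9403): avc: denied { write } for pid=21757 '
    'comm="qemu-kvm" name="guestfsd.sock" dev="dm-4" ino=939761 '
    'scontext=system_u:system_r:svirt_t:s0:c411,c865 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=sock_file',
    'type=AVC msg=audit(1342903120.938:9403): avc: denied { connectto } for pid=21757 '
    'comm="qemu-kvm" path="/home/rjones/d/libguestfs/libguestfsDDwHEF/guestfsd.sock" '
    'scontext=system_u:system_r:svirt_t:s0:c411,c865 '
    'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket',
]

# Fixed prefix of an AVC record: timestamp, serial, result and the permission set.
_HEADER = re.compile(
    r'^type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc: '
    r'(?P<result>denied|granted) \{ (?P<perms>[^}]*)\} for (?P<rest>.*)$'
)
# key=value pairs; values are either double-quoted (may contain spaces) or bare.
_FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


@dataclass
class AvcRecord:
    timestamp: float
    serial: int
    result: str          # "denied" or "granted"
    perms: list          # permissions inside the braces, e.g. ["write"]
    fields: dict         # pid, comm, name/path, scontext, tcontext, tclass, ...

    @property
    def source_type(self):
        # user:role:type:range -> the type is the third component.
        return self.fields['scontext'].split(':')[2]

    @property
    def target_type(self):
        return self.fields['tcontext'].split(':')[2]

    @property
    def tclass(self):
        return self.fields['tclass']


def parse_avc(line):
    """Parse one AVC audit record; raises ValueError on anything else."""
    m = _HEADER.match(line.strip())
    if not m:
        raise ValueError('not an AVC record: %r' % line)
    fields = {}
    for key, raw in _FIELD.findall(m.group('rest')):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return AvcRecord(float(m.group('ts')), int(m.group('serial')),
                     m.group('result'), m.group('perms').split(), fields)


def summarise(records):
    """Group denials by (source type, target type, class) -> set of permissions,
    the same grouping audit2allow uses when it proposes allow rules."""
    out = {}
    for r in records:
        if r.result != 'denied':
            continue
        out.setdefault((r.source_type, r.target_type, r.tclass), set()).update(r.perms)
    return out


def allow_rules(summary):
    """Render the summary in audit2allow's allow-rule syntax, for comparison only."""
    rules = []
    for (src, tgt, cls), perms in sorted(summary.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else '{ %s }' % ' '.join(p)
        rules.append('allow %s %s:%s %s;' % (src, tgt, cls, perm_text))
    return rules


def object_denials(records):
    """Denials whose target is an on-disk object (name or path present): these
    are the ones a different file label could address, as opposed to denials
    against another process's domain (e.g. connectto on a unix_stream_socket)."""
    return [(r.fields.get('path') or r.fields.get('name'), r.target_type, r.tclass)
            for r in records if 'name' in r.fields or 'path' in r.fields]


if __name__ == '__main__':
    recs = [parse_avc(l) for l in SAMPLE_AVCS]
    for rule in allow_rules(summarise(recs)):
        print(rule)
    for obj, ttype, cls in object_denials(recs):
        print('object %s is labelled %s (%s)' % (obj, ttype, cls))
```

Run against a live system, the records would come from `ausearch -m avc` rather than the embedded list; the grouping is the same. Note that both sample records share one audit serial (9403): they are two denials from a single connect() attempt, one on the socket file and one on the listening process, which is why audit2allow emits two rules for one event.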