SELinux notifications from Hyper-V Daemons

Solution Verified

Issue

  • The following error message may appear in system logs if AVC logging is enabled:
    SELinux is preventing /usr/sbin/ip from 'read, write' accesses on the chr_file /dev/vmbus/hv_kvp

  • Complete AVC denial log:

    type=AVC msg=audit(1482950489.908:1558): avc:  denied  { read write } for  pid=23949 comm="ip" path="/dev/vmbus/hv_kvp" dev="devtmpfs" ino=17786 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:hypervkvp_device_t:s0 tclass=chr_file

  • Several different AVC denials related to Hyper-V and /dev/vmbus may occur, depending on which Hyper-V daemons are in use.
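
Added example (not part of the Red Hat article): a small Python triage script that parses AVC records in the format shown above and counts the denials whose path is under /dev/vmbus/, grouped by command, source type and target type. The sample log is constructed (its first line is the record quoted above), and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample audit.log content. The first line is the denial quoted
# in this article; the second and third lines are made up for the example.
SAMPLE_LOG = """\
type=AVC msg=audit(1482950489.908:1558): avc:  denied  { read write } for  pid=23949 comm="ip" path="/dev/vmbus/hv_kvp" dev="devtmpfs" ino=17786 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:hypervkvp_device_t:s0 tclass=chr_file
type=AVC msg=audit(1482950490.101:1560): avc:  denied  { open } for  pid=24001 comm="httpd" path="/var/www/html/index.html" dev="dm-0" ino=9911 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1482950495.300:1571): avc:  denied  { read write } for  pid=23990 comm="ip" path="/dev/vmbus/hv_kvp" dev="devtmpfs" ino=17786 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:hypervkvp_device_t:s0 tclass=chr_file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of the fields of one AVC denial, or None for other records."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec

def selinux_type(context):
    """Extract the type from a user:role:type:level security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def vmbus_denials(log_text):
    """Count denials on /dev/vmbus/* by (comm, source type, target type, class, perms, path)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        # Some AVC records carry no path= field; those are skipped here.
        if rec and rec.get("path", "").startswith("/dev/vmbus/"):
            key = (rec.get("comm", "?"), selinux_type(rec["scontext"]),
                   selinux_type(rec["tcontext"]), rec["tclass"],
                   " ".join(rec["perms"]), rec["path"])
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in vmbus_denials(SAMPLE_LOG).items():
        print(n, *key)
```
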

Environment

  • Red Hat Enterprise Linux 7
  • Hyper-V host and Linux Integration Services (LIS) 4.1
  • SELinux policy prior to version selinux-policy-3.13.1-102.el7, running Red Hat Hyper-V daemons from the hyperv-daemons package
    OR
  • Any SELinux policy, running Microsoft-provided Hyper-V daemons.
