SELinux default policy does not allow qemu-kvm (TLS) read access to /dev/random

Solution Verified - Updated -

Issue

* SELinux is generating AVC error messages when trying to create (final step, after clicking Finish) or start a virtual machine, when TLS is enabled in qemu.conf and a properly configured PKI infrastructure exists.
  The AVCs point towards incorrect contexts on /dev/random, which TLS requires access to for entropy in the encryption mechanisms

Environment

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content