SELinux default policy does not allow qemu-kvm (TLS) read access to /dev/random
Issue
* SELinux generates AVC error messages when creating a virtual machine (at the final step, after clicking Finish) or starting one, when TLS is enabled in qemu.conf and a properly configured PKI infrastructure exists.
* The AVCs point to incorrect contexts on /dev/random, which TLS needs access to for entropy in its encryption mechanisms.
Environment
- Red Hat Enterprise Linux 5
- selinux-policy-2.4.6-255.el5_4.3 or older
- SELinux is enabled (enforcing) & contexts are set correctly
- kvm/qemu-kvm/virt-manager packages installed
- qemu/libvirt per http://virt-manager.org/page/RemoteTLS & http://libvirt.org/remote.html