SELinux notifications from Hyper-V Daemons

Solution Verified - Updated -

Issue

  • The following error message may appear in system logs if AVC logging is enabled:
    SELinux is preventing /usr/sbin/ip from 'read, write' accesses on the chr_file /dev/vmbus/hv_kvp

  • Complete avc denial log:

    type=AVC msg=audit(1482950489.908:1558): avc:  denied  { read write } for  pid=23949 comm="ip" path="/dev/vmbus/hv_kvp" dev="devtmpfs" ino=17786 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:hypervkvp_device_t:s0 tclass=chr_file

  • Several different AVC denials related to Hyper-V and /dev/vmbus may occur, depending on which Hyper-V daemons are in use.
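
Added example (not part of the original Red Hat solution): a small Python parser that pulls the denials targeting /dev/vmbus out of audit log text and groups them by command, source type, target type, class and permissions, so the different Hyper-V denials on a host can be told apart. The first sample record is the one quoted above; the other two records and the function names are constructed for this illustration.

```python
import re
from collections import Counter

# First record is the one quoted in the article; the other two are constructed
# for this example (a repeat with a different pid, and an unrelated denial).
SAMPLE_LOG = """\
type=AVC msg=audit(1482950489.908:1558): avc:  denied  { read write } for  pid=23949 comm="ip" path="/dev/vmbus/hv_kvp" dev="devtmpfs" ino=17786 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:hypervkvp_device_t:s0 tclass=chr_file
type=AVC msg=audit(1482950549.112:1571): avc:  denied  { read write } for  pid=24102 comm="ip" path="/dev/vmbus/hv_kvp" dev="devtmpfs" ino=17786 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:hypervkvp_device_t:s0 tclass=chr_file
type=AVC msg=audit(1482950600.001:1580): avc:  denied  { getattr } for  pid=1200 comm="httpd" path="/srv/data/index.html" dev="dm-0" ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of fields for one AVC denial record, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    rec["perms"] = tuple(m.group("perms").split())
    # A context is user:role:type:level; the type is what policy rules match on.
    for key in ("scontext", "tcontext"):
        parts = rec.get(key, "").split(":")
        rec[key + "_type"] = parts[2] if len(parts) > 2 else ""
    return rec


def hyperv_denials(log_text, prefix="/dev/vmbus/"):
    """Count denials whose target path is under /dev/vmbus, grouped by rule shape."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec.get("path", "").startswith(prefix):
            counts[(rec["comm"], rec["scontext_type"], rec["tcontext_type"],
                    rec["tclass"], rec["perms"])] += 1
    return counts


if __name__ == "__main__":
    for (comm, src, tgt, tclass, perms), n in hyperv_denials(SAMPLE_LOG).items():
        print(f"{n}x {comm}: {src} -> {tgt}:{tclass} {{ {' '.join(perms)} }}")
```
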

Environment

  • Red Hat Enterprise Linux 7
  • Hyper-V host and Linux Integration Services (LIS) 4.1
  • SELinux policy prior to version selinux-policy-3.13.1-102.el7, running the Red Hat Hyper-V daemons from the hyperv-daemons package
    OR
  • Any SELinux policy running Microsoft-provided Hyper-V daemons.
