SELinux notifications from Hyper-V Daemons
Issue
- The following error message may appear in system logs if AVC logging is enabled:
SELinux is preventing /usr/sbin/ip from 'read, write' accesses on the chr_file /dev/vmbus/hv_kvp
- Complete AVC denial log:
type=AVC msg=audit(1482950489.908:1558): avc: denied { read write } for pid=23949 comm="ip" path="/dev/vmbus/hv_kvp" dev="devtmpfs" ino=17786 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:hypervkvp_device_t:s0 tclass=chr_file
- Several different AVC Denials related to Hyper-V and /dev/vmbus may occur, depending on which Hyper-V daemons are being utilized.
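To see which of these denials are actually present on a guest, the audit records can be grouped by source domain and target type. The following is an added example, not part of the original Red Hat article: the function names are hypothetical, the first sample record is the one quoted above, and the other two records are constructed for illustration.

```python
import re
from collections import defaultdict

# Record 1 is the denial quoted on this page. Records 2 and 3 are constructed
# (hypothetical pids and inodes; record 3 is an unrelated denial).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1482950489.908:1558): avc: denied { read write } for pid=23949 comm="ip" path="/dev/vmbus/hv_kvp" dev="devtmpfs" ino=17786 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:hypervkvp_device_t:s0 tclass=chr_file
type=AVC msg=audit(1482950490.112:1559): avc:  denied  { read write } for  pid=23950 comm="ip" path="/dev/vmbus/hv_kvp" dev="devtmpfs" ino=17786 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:hypervkvp_device_t:s0 tclass=chr_file
type=AVC msg=audit(1482950500.001:1560): avc:  denied  { getattr } for  pid=1200 comm="httpd" path="/srv/data" dev="dm-0" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
"""

# Permission set inside the braces, then the key=value fields after "for".
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = tuple(m.group("perms").split())
    return rec


def vmbus_denials(log_text, prefix="/dev/vmbus/"):
    """Count denials on devices under `prefix`, keyed by who was denied what."""
    summary = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        # Some AVC records carry no path= field, so use .get() here.
        if rec is None or not rec.get("path", "").startswith(prefix):
            continue
        source_type = rec["scontext"].split(":")[2]  # user:role:type:level
        target_type = rec["tcontext"].split(":")[2]
        key = (rec["comm"], source_type, target_type, rec["tclass"], rec["perms"], rec["path"])
        summary[key] += 1
    return dict(summary)


if __name__ == "__main__":
    for key, count in vmbus_denials(SAMPLE_AUDIT_LOG).items():
        print(count, key)
```

On a real system the input would be the contents of the audit log instead of the embedded sample.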
Environment
- Red Hat Enterprise Linux 7
- Hyper-V host and Linux Integration Services (LIS) 4.1
- SELinux policy prior to version selinux-policy-3.13.1-102.el7, running Red Hat Hyper-V daemons from the hyperv-daemons package
OR
- Any SELinux policy running Microsoft-provided Hyper-V daemons.
