I am using the virt-manager flatpak through an SSH connection to create an FCOS VM and I hit:
libvirt: error : cannot execute binary /usr/bin/swtpm: Permission denied
Looking at the SELinux log I see:
type=AVC msg=audit(1774307350.686:810): avc: denied { entrypoint } for pid=4058 comm="rpc-virtqemud" path="/usr/bin/swtpm" dev="overlay" ino=2068200 scontext=system_u:system_r:svirt_t:s0:c844,c859 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
type=AVC msg=audit(1774307350.689:811): avc: denied { relabelto } for pid=4059 comm="rpc-virtqemud" name="pihole-swtpm.log" dev="sda4" ino=1775361 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
I don't see any recent updates to swtpm nor swtpm-selinux and I was not hitting that a month ago when I did some testing.
Deleting the TPM device entirely allows the VM to start.
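
Added example, not part of the original report: a small Python parser that splits the two AVC records quoted above into denials that were actually enforced (`permissive=0`) and ones that were only logged (`permissive=1`). The function names are illustrative, and a record with no `permissive` field is assumed to be enforced.

```python
import re

# The two AVC records quoted in the report above, copied verbatim.
AUDIT_LOG = """\
type=AVC msg=audit(1774307350.686:810): avc: denied { entrypoint } for pid=4058 comm="rpc-virtqemud" path="/usr/bin/swtpm" dev="overlay" ino=2068200 scontext=system_u:system_r:svirt_t:s0:c844,c859 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
type=AVC msg=audit(1774307350.689:811): avc: denied { relabelto } for pid=4059 comm="rpc-virtqemud" name="pihole-swtpm.log" dev="sda4" ino=1775361 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    # A context is user:role:type:level; the level may itself contain colons.
    return context.split(":")[2]


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    return {
        "perms": m.group("perms").split(),
        "source_type": selinux_type(fields["scontext"]),
        "target_type": selinux_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "object": fields.get("path") or fields.get("name"),
        # permissive=1: the access was logged but still allowed.
        # Assumption: a record without the field is treated as enforced.
        "blocked": fields.get("permissive", "0") == "0",
    }


def triage(log_text):
    """Split AVC records into (enforced denials, logged-only denials)."""
    records = [r for r in map(parse_avc, log_text.splitlines()) if r]
    blocked = [r for r in records if r["blocked"]]
    logged_only = [r for r in records if not r["blocked"]]
    return blocked, logged_only


if __name__ == "__main__":
    blocked, logged_only = triage(AUDIT_LOG)
    for tag, group in (("BLOCKED", blocked), ("LOGGED ", logged_only)):
        for r in group:
            print(tag, r["source_type"], r["perms"], r["object"], "->", r["target_type"])
```
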