General info: there are currently three open topics that cover likely the same problem origin, although the denials are not equal but overlapping (the difference in the denials can be explained by, e.g., differences in the configuration of host or guests):
-
so far, only the
qemu-imgdenial is reported: Unable to create new virt-manager vm with software TPM on Fedora 40 - #20 by py0xc3 -
all discovered denials reported including
qemu-img: Creating new VM with TPM using virt-manager results in SELinux-related error - #6 by py0xc3 -
all discovered denials reported but not
qemu-img: TPM Does Not Work Virt-Manager Fedora 40 - #9 by py0xc3
I do not merge them at this time since we do not know 100% that they are identifcal. SELinux policy issues are complex (but I am confident at this time that a policy fix will solve all three 
).
Everyone who is affected by the issue is encouraged to provide the full output of ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today after provoking the issue so that we can compare their denials, and add a short elaboration of your very issue. Please compare your ausearch output with the denials of the very topics and post them in the relevant one! Unless other information comes up, we will open a bug ticket later today or tomorrow in this one (no worries, we will link the ticket to all topics ).
I expect the issue is a policy in swtpm-selinux. That can be solved with an update once the maintainers untangled and fixed it.
@kparal it is up to you if you determine this already a common issue. I don’t know how widespread swtpm actually is on Fedora.