KVM SELinux error on Fedora

If I set SELinux to permissive mode and then try to create a VM with its storage location on an NTFS partition, KVM doesn't give this :point_down: :point_down: error or any other error… now the job is done.

Unable to complete install: 'internal error: process exited while connecting to monitor: 2022-01-17T11:41:25.919215Z qemu-system-x86_64: -blockdev {"driver":"file","filename":"/hdd1/VM_Storage/rhel7.0.qcow2","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}: Could not open '/hdd1/VM_Storage/rhel7.0.qcow2': Permission denied'

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 65, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/createvm.py", line 2001, in _do_async_install
    installer.start_install(guest, meter=meter)
  File "/usr/share/virt-manager/virtinst/install/installer.py", line 701, in start_install
    domain = self._create_guest(
  File "/usr/share/virt-manager/virtinst/install/installer.py", line 649, in _create_guest
    domain = self.conn.createXML(install_xml or final_xml, 0)
  File "/usr/lib64/python3.10/site-packages/libvirt.py", line 4393, in createXML
    raise libvirtError('virDomainCreateXML() failed')
libvirt.libvirtError: internal error: process exited while connecting to monitor: 2022-01-17T11:41:25.919215Z qemu-system-x86_64: -blockdev {"driver":"file","filename":"/hdd1/VM_Storage/rhel7.0.qcow2","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}: Could not open '/hdd1/VM_Storage/rhel7.0.qcow2': Permission denied

But my problem is that I can't keep SELinux in permissive mode all the time, so I want to change the context of the VM storage location to virt_image_t.

But the serious problem starts now: when I try to change the context of the storage location to virt_image_t, it doesn't change, even after applying these commands…

sudo semanage fcontext -a -t virt_image_t "/path/path(/.*)?"
sudo restorecon -Rv /path/path

Now what…???

If the filesystem doesn't support SELinux attributes, you should still be able to set them on the mount point. I think it would be something like the following in your fstab (just a guess).

/dev/hdd1 /hdd1 ntfs defaults,context=system_u:object_r:virt_image_t:s0,nofail 0 0

If you run ausearch -m avc -ts recent | audit2why, it should give you an idea of what's going on. Once you know what's going on, you can manually go and fix the issue or create a policy that will allow what you need.
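A way to check up front which of the two approaches in this thread applies to a given storage path, as an added example that is not from any of the posters: the function reads a mount table in /proc/mounts format and reports whether the filesystem holding the path stores per-file labels (the kernel lists the `seclabel` option, so semanage fcontext plus restorecon takes effect), is already mounted with a `context=` option, or needs one. The names `label_strategy` and `sample_mounts` and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# label_strategy PATH [MOUNTS_FILE]   (MOUNTS_FILE defaults to /proc/mounts)
# Prints "<strategy> <mountpoint> <fstype>" for the filesystem that holds PATH.
label_strategy() {
    local path="$1" mounts="${2:-/proc/mounts}"
    local dev mnt fstype opts rest best best_type best_opts
    best="" best_type="" best_opts=""
    while read -r dev mnt fstype opts rest; do
        # Keep the longest mount point that is a directory prefix of PATH;
        # on a tie the later entry wins, since it is mounted on top.
        case "$path/" in
            "${mnt%/}/"*)
                if [ "${#mnt}" -ge "${#best}" ]; then
                    best=$mnt best_type=$fstype best_opts=$opts
                fi ;;
        esac
    done < "$mounts"
    [ -n "$best" ] || { echo "unknown"; return 1; }
    case ",$best_opts," in
        # One label for the whole mount, fixed at mount time (the fstab approach).
        *,context=*)  echo "context-mount $best $best_type" ;;
        # Labels live in xattrs: semanage fcontext + restorecon work here.
        *,seclabel,*) echo "per-file-labels $best $best_type" ;;
        # No label storage: restorecon cannot change anything on this mount.
        *)            echo "needs-context-option $best $best_type" ;;
    esac
}

# Constructed sample in /proc/mounts format (not taken from the poster's machine).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,seclabel,relatime 0 0
/dev/sdb1 /hdd1 fuseblk rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,blksize=4096 0 0
/dev/sdc1 /hdd2 fuseblk rw,relatime,context=system_u:object_r:virt_image_t:s0,user_id=0,group_id=0,allow_other 0 0
EOF
}

demo_mounts=$(mktemp)
sample_mounts > "$demo_mounts"
label_strategy /hdd1/VM_Storage "$demo_mounts"
label_strategy /var/lib/libvirt/images "$demo_mounts"
label_strategy /hdd2/vm "$demo_mounts"
rm -f "$demo_mounts"
```

Called with only a path, the function reads the live /proc/mounts, so `label_strategy /hdd1/VM_Storage` on the affected host shows whether the fstab change has taken effect after a remount.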