Virt_use_sysfs selinux boolean missing in Fedora 41

milamber-pug · April 7, 2025, 12:18pm

I’m trying to get PCI Passthrough working on Fedora 41 without disabling SELinux, but it looks like the virt_use_sysfs boolean has been removed, and most guides say I need to set this to on.

The error messages I’m getting suggest I need libvirt/kvm to have access to sysfs to pass through my usb controller and gpu too. Passthrough works fine with SELinux turned off, but I don’t want to leave it off.

Does anyone know why this boolean is missing on Fedora 41, if there’s a package or something I could install to get it back, or if there’s a better way to make this work?

vgaetera · April 7, 2025, 12:42pm

Enable SELinux in permissive mode and restore filesystem labels.
Collect the denials if any to generate a custom module policy:

journalctl -b _AUDIT_TYPE_NAME=AVC | audit2allow -m local

audit2allow | policycoreutils-python-utils Commands | Man Pages | ManKier

milamber-pug · April 7, 2025, 2:10pm

thanks, that command lead me to audit2allow -a, which told me I should enable domain_can_mmap_files. Seems to work with that set to on

Topic		Replies	Views
Swtpm and/or selinux and/or ? error preventing VM install under UEFI with Cockpit (or Virt-Manager) Ask Fedora help , cockpit , server , f41	16	201	February 28, 2025
What package is enabling these custom SELinux booleans? Ask Fedora flatpak , selinux , server , workstation	1	290	August 2, 2023
Libvirt and SELinux issues with denials and 3D acceleration Ask Fedora f37 , libvirt , selinux	4	785	December 1, 2022
Fedora 40: Systemd cannot fix SELinux security context because it is blocked by SELinux itself Ask Fedora selinux , f40	3	303	January 3, 2025
Libvirt virt-manager filesystem mode passthrough unavailable Ask Fedora f32 , libvirt	9	4538	December 13, 2020

Virt_use_sysfs selinux boolean missing in Fedora 41

Related topics