VM not able to access virtiofs folder due to SELinux restrictions

For a user-session KVM/QEMU virtual machine I am trying to use virtiofs to share a folder between the guest (Windows 11) and the host (Fedora 40), but I get an error:

error: Failed to start domain 'win11'
error: internal error: process exited while connecting to monitor: 2024-06-27T12:34:36.795427Z qemu-system-x86_64: -chardev socket,id=chr-vu-fs0,path=/home/USER/.config/libvirt/qemu/lib/domain-20-win11/fs0-fs.sock: Failed to connect to '/home/USER/.config/libvirt/qemu/lib/domain-20-win11/fs0-fs.sock': Permission denied

and in the logs I get this message about SELinux not allowing the socket to be created:

audit[18329]: AVC avc:  denied  { connectto } for  pid=18329 comm="qemu-system-x86" path="/home/USER/.config/libvirt/qemu/lib/domain-17-win11/fs0-fs.sock" scontext=unconfined_u:unconfined_r:svirt_t:s0:c353,c434 tcontext=unconfined_u:unconfined_r:unconfined_t:s0:c353,c434 tclass=unix_stream_socket permissive=0

When setting SELinux to permissive, it works as expected. Fiddling around with SELinux a bit, I tried:

semanage fcontext -a -f s -t svirt_socket_t '/home/[^/]+/\.config/libvirt/qemu/lib/domain-[^/]+/.+\.sock'

and

semanage fcontext -a -f s -t svirt_image_t '/home/[^/]+/\.config/libvirt/qemu/lib/domain-[^/]+/.+\.sock'

but no cigar…

I think it might be that the socket is created OK, but then SELinux is preventing qemu-system-x86 from connecting to the newly created socket? But how do I tell SELinux it's OK? Any tips on how to proceed would be much appreciated.

Found a solution; added the TE rule:

allow svirt_t unconfined_t:unix_stream_socket connectto;

then it also worked with SELinux set to enforcing.

1 Like
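Added example (my code, not from the thread or from libvirt/Fedora): the allow rule above only loads as part of a policy module with a require block, and the thread does not show that step. The script below derives the rule from the AVC record quoted in the question (the same transformation audit2allow performs for a single record), wraps it in module source, and builds and installs it with checkmodule, semodule_package and semodule when those tools are present; without them it just prints the module source. The module name svirt_virtiofs_connect is my choice, and the AVC line is a constructed copy of the one in the thread. Two things worth noticing from the record: the denied class is unix_stream_socket, not sock_file, so the target label is the process context of whatever owns the listening socket (unconfined_t here), which is why relabelling the .sock path with semanage fcontext had no effect; and the rule is exactly as broad as it reads, letting any VM process labelled svirt_t connect to any unconfined_t unix stream socket, not only libvirt's virtiofs one.

```shell
#!/bin/sh
# Added example, not code from the original post: turn one AVC "denied" record
# into a loadable SELinux policy module, then build and install it when the
# policy tools are installed. The module name is an assumption of this example.
set -eu

# Constructed copy of the AVC record quoted in the thread (same fields).
SAMPLE_AVC='audit[18329]: AVC avc:  denied  { connectto } for  pid=18329 comm="qemu-system-x86" path="/home/USER/.config/libvirt/qemu/lib/domain-17-win11/fs0-fs.sock" scontext=unconfined_u:unconfined_r:svirt_t:s0:c353,c434 tcontext=unconfined_u:unconfined_r:unconfined_t:s0:c353,c434 tclass=unix_stream_socket permissive=0'

# avc_to_allow LINE: print the TE rule that would satisfy one denied record.
# Source and target are the type field (third colon-separated field) of
# scontext/tcontext; the MCS categories and the path take no part in the rule.
# Returns 1 if any field is missing.
avc_to_allow() {
    line=$1
    perms=$(printf '%s\n' "$line" | sed -n 's/[^{]*{ *\([^}]*\)}.*/\1/p' | sed 's/  */ /g; s/^ //; s/ $//')
    stype=$(printf '%s\n' "$line" | sed -n 's/.*scontext=[^:]*:[^:]*:\([^: ]*\).*/\1/p')
    ttype=$(printf '%s\n' "$line" | sed -n 's/.*tcontext=[^:]*:[^:]*:\([^: ]*\).*/\1/p')
    tclass=$(printf '%s\n' "$line" | sed -n 's/.*tclass=\([^ ]*\).*/\1/p')
    [ -n "$perms" ] && [ -n "$stype" ] && [ -n "$ttype" ] && [ -n "$tclass" ] || return 1
    case $perms in *' '*) perms="{ $perms }" ;; esac   # several perms need braces
    printf 'allow %s %s:%s %s;\n' "$stype" "$ttype" "$tclass" "$perms"
}

# make_te NAME RULE: wrap one allow rule in module source. The require block
# has to declare every type and class the rule references, or checkmodule
# rejects the module.
make_te() {
    name=$1
    rule=$2
    set -- $rule                 # allow S T:C P...;
    stype=$2
    ttype=${3%%:*}
    tclass=${3#*:}
    shift 3
    perms=$*                     # "connectto;" or "{ read write };"
    perms=${perms%;}
    printf 'module %s 1.0;\n\nrequire {\n' "$name"
    printf '\ttype %s;\n' "$stype"
    [ "$stype" = "$ttype" ] || printf '\ttype %s;\n' "$ttype"
    printf '\tclass %s %s;\n}\n\n' "$tclass" "$perms"
    printf '%s\n' "$rule"
}

# build_and_load NAME TE_SOURCE: compile the source, package it and install it
# (semodule -i needs root). Returns 2 when checkpolicy/policycoreutils are
# not installed, so the dry run above still works on a machine without them.
build_and_load() {
    name=$1
    te=$2
    command -v checkmodule >/dev/null 2>&1 && command -v semodule_package >/dev/null 2>&1 || return 2
    dir=$(mktemp -d)
    printf '%s\n' "$te" > "$dir/$name.te"
    checkmodule -M -m -o "$dir/$name.mod" "$dir/$name.te"
    semodule_package -o "$dir/$name.pp" -m "$dir/$name.mod"
    semodule -i "$dir/$name.pp"
}

RULE=$(avc_to_allow "$SAMPLE_AVC")
if [ "${1:-}" = "--install" ]; then
    build_and_load svirt_virtiofs_connect "$(make_te svirt_virtiofs_connect "$RULE")"
else
    make_te svirt_virtiofs_connect "$RULE"   # dry run: print the module source
fi
```

Run it without arguments to see the generated module source; run it as root with --install on the Fedora host to build and load the module, after which the domain should start with SELinux enforcing, as the thread reports. A real AVC log usually contains more than one record, so feed avc_to_allow one line at a time and review each rule before loading it rather than allowing everything the log shows.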