12.10.2016, 15:53, "Tom Gamull" <tgam...@redhat.com>:
Can you set it to permissive and run
sealart -a /var/log/audit/audit.log
 
 
Added logs to attachment.
 
 
 
 
 
 
you may need to install selinux tools
 
On Oct 12, 2016, at 4:49 AM, Краснобаев Михаил <mi...@ya.ru> wrote:
 
Good day,
 
had a similar problem, disabling selinux helped.
 
Best,
Mikhail
 
11.10.2016, 09:55, "Николаев Алексей" <alexeynikolaev.p...@yandex.ru>:
Hi community!
 
I have 4 hosts: 2 old servers and 2 new servers
I have this error trying to migrate VM from new host to old one.
 
Oct 11 09:25:05 node69-06 journal: unsupported configuration: Unable to find security driver for model selinux
Oct 11 09:25:05 node69-06 journal: vdsm vm.Vm ERROR vmId=`a9473a99-32c6-4548-8b85-dafe4ce8f94f`::unsupported configuration: Unable to find security driver for model selinux
Oct 11 09:25:05 node69-06 journal: vdsm vm.Vm ERROR vmId=`a9473a99-32c6-4548-8b85-dafe4ce8f94f`::Failed to migrate#012Traceback (most recent call last):#012  File "/usr/share/vdsm/virt/migration.py", line 246, in run#012    self._startUnderlyingMigration(time.time())#012  File "/usr/share/vdsm/virt/migration.py", line 335, in _startUnderlyingMigration#012    None, maxBandwidth)#012  File "/usr/share/vdsm/virt/vm.py", line 703, in f#012    ret = attr(*args, **kwargs)#012  File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line 119, in wrapper#012    ret = f(*args, **kwargs)#012  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1825, in migrateToURI2#012    if ret == -1: raise libvirtError ('virDomainMigrateToURI2() failed', dom=self)#012libvirtError: unsupported configuration: Unable to find security driver for model selinux
 
Migration from OLD host to another OLD host have not any problems.
Migration from NEW host to another NEW host have not any problems.
Migration from OLD host to NEW host have not any problems.
 
Migration is not work only from NEW to OLD.
 
oVirt Engine Version: 3.5.6.2-1.el6
 
All hosts:
OS Version: RHEL - 7 - 2.1511.el7.centos.2.10
Kernel Version: 3.10.0 - 327.36.1.el7.x86_64
KVM Version: 2.3.0 - 29.1.el7
LIBVIRT Version: libvirt-1.2.17-13.el7_2.5
VDSM Version: vdsm-4.16.30-0.el7.centos
 
Any ideas? Thx.
,

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

 
 
 
 
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
found 18 alerts in /var/log/audit/audit.log
--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from read access on the lnk_file 
2701cea5-6bb5-435d-9403-2343f43a914b.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have read access on the 
2701cea5-6bb5-435d-9403-2343f43a914b lnk_file
Then you need to change the label on 2701cea5-6bb5-435d-9403-2343f43a914b
Do
# semanage fcontext -a -t FILE_TYPE '2701cea5-6bb5-435d-9403-2343f43a914b'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v '2701cea5-6bb5-435d-9403-2343f43a914b'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed read access on the 
2701cea5-6bb5-435d-9403-2343f43a914b lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c488,c590
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                2701cea5-6bb5-435d-9403-2343f43a914b [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   2
First Seen                    2016-10-12 14:38:13 MSK
Last Seen                     2016-10-12 14:38:13 MSK
Local ID                      e5608de0-4bb9-45c9-8eee-e2b37e9664f4

Raw Audit Messages
type=AVC msg=audit(1476272293.416:213): avc:  denied  { read } for  pid=4996 
comm="qemu-kvm" name="2701cea5-6bb5-435d-9403-2343f43a914b" dev="dm-1" 
ino=268436805 scontext=system_u:system_r:svirt_t:s0:c488,c590 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476272293.416:213): arch=x86_64 syscall=stat success=no 
exit=EACCES a0=7f6f6a116b00 a1=7ffc9030d660 a2=7ffc9030d660 a3=7f6f60774e90 
items=0 ppid=1 pid=4996 auid=4294967295 uid=107 gid=107 euid=107 suid=107 
fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm 
exe=/usr/libexec/qemu-kvm subj=system_u:system_r:svirt_t:s0:c488,c590 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,read

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from read access on the lnk_file 
2701cea5-6bb5-435d-9403-2343f43a914b.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have read access on the 
2701cea5-6bb5-435d-9403-2343f43a914b lnk_file
Then you need to change the label on 2701cea5-6bb5-435d-9403-2343f43a914b
Do
# semanage fcontext -a -t FILE_TYPE '2701cea5-6bb5-435d-9403-2343f43a914b'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v '2701cea5-6bb5-435d-9403-2343f43a914b'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed read access on the 
2701cea5-6bb5-435d-9403-2343f43a914b lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c578,c612
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                2701cea5-6bb5-435d-9403-2343f43a914b [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-10-12 14:40:25 MSK
Last Seen                     2016-10-12 14:40:25 MSK
Local ID                      4c9911aa-f92d-4b18-a3d5-a829f8d8d989

Raw Audit Messages
type=AVC msg=audit(1476272425.252:364): avc:  denied  { read } for  pid=5529 
comm="qemu-kvm" name="2701cea5-6bb5-435d-9403-2343f43a914b" dev="dm-1" 
ino=268436805 scontext=system_u:system_r:svirt_t:s0:c578,c612 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476272425.252:364): arch=x86_64 syscall=open success=no 
exit=EACCES a0=7fd600d16b00 a1=80800 a2=0 a3=7fd5f7e9ae90 items=0 ppid=1 
pid=5529 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 
sgid=107 fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm 
exe=/usr/libexec/qemu-kvm subj=system_u:system_r:svirt_t:s0:c578,c612 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,read

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from read access on the lnk_file 
2701cea5-6bb5-435d-9403-2343f43a914b.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have read access on the 
2701cea5-6bb5-435d-9403-2343f43a914b lnk_file
Then you need to change the label on 2701cea5-6bb5-435d-9403-2343f43a914b
Do
# semanage fcontext -a -t FILE_TYPE '2701cea5-6bb5-435d-9403-2343f43a914b'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v '2701cea5-6bb5-435d-9403-2343f43a914b'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed read access on the 
2701cea5-6bb5-435d-9403-2343f43a914b lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c240,c253
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                2701cea5-6bb5-435d-9403-2343f43a914b [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   2
First Seen                    2016-10-12 14:47:10 MSK
Last Seen                     2016-10-12 14:47:10 MSK
Local ID                      c9ee8367-ad2c-4dbf-ae46-e43ad88fa759

Raw Audit Messages
type=AVC msg=audit(1476272830.219:490): avc:  denied  { read } for  pid=6439 
comm="qemu-kvm" name="2701cea5-6bb5-435d-9403-2343f43a914b" dev="dm-1" 
ino=268436805 scontext=system_u:system_r:svirt_t:s0:c240,c253 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476272830.219:490): arch=x86_64 syscall=open success=no 
exit=EACCES a0=7f1d93d80b00 a1=84002 a2=0 a3=0 items=0 ppid=1 pid=6439 
auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 
fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm exe=/usr/libexec/qemu-kvm 
subj=system_u:system_r:svirt_t:s0:c240,c253 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,read

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from read access on the lnk_file 
2701cea5-6bb5-435d-9403-2343f43a914b.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have read access on the 
2701cea5-6bb5-435d-9403-2343f43a914b lnk_file
Then you need to change the label on 2701cea5-6bb5-435d-9403-2343f43a914b
Do
# semanage fcontext -a -t FILE_TYPE '2701cea5-6bb5-435d-9403-2343f43a914b'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v '2701cea5-6bb5-435d-9403-2343f43a914b'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed read access on the 
2701cea5-6bb5-435d-9403-2343f43a914b lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c154,c888
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                2701cea5-6bb5-435d-9403-2343f43a914b [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   2
First Seen                    2016-10-12 14:47:56 MSK
Last Seen                     2016-10-12 14:47:56 MSK
Local ID                      c337152b-8c31-4e7c-ad57-45203b97af8e

Raw Audit Messages
type=AVC msg=audit(1476272876.350:592): avc:  denied  { read } for  pid=6742 
comm="qemu-kvm" name="2701cea5-6bb5-435d-9403-2343f43a914b" dev="dm-1" 
ino=268436805 scontext=system_u:system_r:svirt_t:s0:c154,c888 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476272876.350:592): arch=x86_64 syscall=open success=no 
exit=EACCES a0=7fa4fef68b00 a1=80800 a2=0 a3=7fa4f49cde90 items=0 ppid=1 
pid=6742 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 
sgid=107 fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm 
exe=/usr/libexec/qemu-kvm subj=system_u:system_r:svirt_t:s0:c154,c888 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,read

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from read access on the lnk_file 
a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c350,c447
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                a3f29de7-c6b9-410e-b635-9b3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-10-12 14:53:57 MSK
Last Seen                     2016-10-12 14:53:57 MSK
Local ID                      d9faf2fb-ffe5-4183-99ac-040f5e38175b

Raw Audit Messages
type=AVC msg=audit(1476273237.544:678): avc:  denied  { read } for  pid=7455 
comm="qemu-kvm" name="a3f29de7-c6b9-410e-b635-9b3016da7ba2" dev="dm-1" 
ino=493725 scontext=system_u:system_r:svirt_t:s0:c350,c447 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476273237.544:678): arch=x86_64 syscall=open success=no 
exit=EACCES a0=7f3817e3c9a0 a1=80800 a2=0 a3=7f380d3afe90 items=0 ppid=1 
pid=7455 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 
sgid=107 fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm 
exe=/usr/libexec/qemu-kvm subj=system_u:system_r:svirt_t:s0:c350,c447 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,read

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from read access on the lnk_file 
a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c536,c727
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                a3f29de7-c6b9-410e-b635-9b3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-10-12 14:54:45 MSK
Last Seen                     2016-10-12 14:54:45 MSK
Local ID                      a0f38ecd-3923-40c8-918e-3cc3d91be2bf

Raw Audit Messages
type=AVC msg=audit(1476273285.680:729): avc:  denied  { read } for  pid=7708 
comm="qemu-kvm" name="a3f29de7-c6b9-410e-b635-9b3016da7ba2" dev="dm-1" 
ino=493725 scontext=system_u:system_r:svirt_t:s0:c536,c727 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476273285.680:729): arch=x86_64 syscall=open success=no 
exit=EACCES a0=7f003bb589a0 a1=80800 a2=0 a3=7f0032698e90 items=0 ppid=1 
pid=7708 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 
sgid=107 fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm 
exe=/usr/libexec/qemu-kvm subj=system_u:system_r:svirt_t:s0:c536,c727 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,read

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from read access on the lnk_file 
a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c164,c452
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                a3f29de7-c6b9-410e-b635-9b3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-10-12 14:55:01 MSK
Last Seen                     2016-10-12 14:55:01 MSK
Local ID                      47f09d3b-41ba-4367-a351-1be519739a8a

Raw Audit Messages
type=AVC msg=audit(1476273301.831:788): avc:  denied  { read } for  pid=7916 
comm="qemu-kvm" name="a3f29de7-c6b9-410e-b635-9b3016da7ba2" dev="dm-1" 
ino=493725 scontext=system_u:system_r:svirt_t:s0:c164,c452 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476273301.831:788): arch=x86_64 syscall=open success=no 
exit=EACCES a0=7ff2994f09a0 a1=84002 a2=0 a3=0 items=0 ppid=1 pid=7916 
auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 
fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm exe=/usr/libexec/qemu-kvm 
subj=system_u:system_r:svirt_t:s0:c164,c452 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,read

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from read access on the lnk_file 
a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c334,c678
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                a3f29de7-c6b9-410e-b635-9b3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   2
First Seen                    2016-10-12 14:58:47 MSK
Last Seen                     2016-10-12 14:58:47 MSK
Local ID                      7572c42b-a52a-4a44-862d-eb304d9991b6

Raw Audit Messages
type=AVC msg=audit(1476273527.439:923): avc:  denied  { read } for  pid=8758 
comm="qemu-kvm" name="a3f29de7-c6b9-410e-b635-9b3016da7ba2" dev="dm-1" 
ino=493725 scontext=system_u:system_r:svirt_t:s0:c334,c678 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476273527.439:923): arch=x86_64 syscall=open success=no 
exit=EACCES a0=7faf4998c9a0 a1=84002 a2=0 a3=0 items=0 ppid=1 pid=8758 
auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 
fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm exe=/usr/libexec/qemu-kvm 
subj=system_u:system_r:svirt_t:s0:c334,c678 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,read

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from getattr access on the lnk_file 
/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have getattr access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on 
/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 
'/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 
'/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed getattr access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c520,c829
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                /rhev/data-center/mnt/blockSD/dcaf230c-
                              fa73-4022-9750-e5094669454d/images/71f18680-1b93
                              -4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b
                              3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-10-12 15:00:06 MSK
Last Seen                     2016-10-12 15:00:06 MSK
Local ID                      2f5b2d74-ce96-44fe-bb55-4c146ec40cae

Raw Audit Messages
type=AVC msg=audit(1476273606.370:975): avc:  denied  { getattr } for  pid=9050 
comm="qemu-kvm" 
path="/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2"
 dev="dm-1" ino=493725 scontext=system_u:system_r:svirt_t:s0:c520,c829 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476273606.370:975): arch=x86_64 syscall=lstat 
success=yes exit=0 a0=7fff5b665e70 a1=7fff5b665d00 a2=7fff5b665d00 
a3=3761643631303362 items=0 ppid=1 pid=9050 auid=4294967295 uid=107 gid=107 
euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) 
ses=4294967295 comm=qemu-kvm exe=/usr/libexec/qemu-kvm 
subj=system_u:system_r:svirt_t:s0:c520,c829 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,getattr

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from read access on the lnk_file 
a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c520,c829
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                a3f29de7-c6b9-410e-b635-9b3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-10-12 15:00:06 MSK
Last Seen                     2016-10-12 15:00:06 MSK
Local ID                      d93a1026-2e94-445b-bcce-9b8edae4083f

Raw Audit Messages
type=AVC msg=audit(1476273606.370:974): avc:  denied  { read } for  pid=9050 
comm="qemu-kvm" name="a3f29de7-c6b9-410e-b635-9b3016da7ba2" dev="dm-1" 
ino=493725 scontext=system_u:system_r:svirt_t:s0:c520,c829 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476273606.370:974): arch=x86_64 syscall=open 
success=yes exit=ENOTDIR a0=7f9e288329a0 a1=80800 a2=0 a3=7f9e1ddace90 items=0 
ppid=1 pid=9050 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 
egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm 
exe=/usr/libexec/qemu-kvm subj=system_u:system_r:svirt_t:s0:c520,c829 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,read

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from read access on the lnk_file 
a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c427,c438
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                a3f29de7-c6b9-410e-b635-9b3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-10-12 15:07:10 MSK
Last Seen                     2016-10-12 15:07:10 MSK
Local ID                      5444b690-34c1-48f2-afa9-08c49cca7f9d

Raw Audit Messages
type=AVC msg=audit(1476274030.194:1052): avc:  denied  { read } for  pid=9976 
comm="qemu-kvm" name="a3f29de7-c6b9-410e-b635-9b3016da7ba2" dev="dm-1" 
ino=493725 scontext=system_u:system_r:svirt_t:s0:c427,c438 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476274030.194:1052): arch=x86_64 syscall=open 
success=yes exit=ENOTDIR a0=7f706b3a49a0 a1=80800 a2=0 a3=7f7061809e90 items=0 
ppid=1 pid=9976 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 
egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm 
exe=/usr/libexec/qemu-kvm subj=system_u:system_r:svirt_t:s0:c427,c438 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,read

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from getattr access on the lnk_file 
/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have getattr access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on 
/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 
'/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 
'/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed getattr access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c427,c438
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                /rhev/data-center/mnt/blockSD/dcaf230c-
                              fa73-4022-9750-e5094669454d/images/71f18680-1b93
                              -4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b
                              3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-10-12 15:07:10 MSK
Last Seen                     2016-10-12 15:07:10 MSK
Local ID                      68770884-ea33-4e9d-a499-936d14aef3f0

Raw Audit Messages
type=AVC msg=audit(1476274030.195:1053): avc:  denied  { getattr } for  
pid=9976 comm="qemu-kvm" 
path="/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2"
 dev="dm-1" ino=493725 scontext=system_u:system_r:svirt_t:s0:c427,c438 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476274030.195:1053): arch=x86_64 syscall=lstat 
success=yes exit=0 a0=7ffd2a5ea360 a1=7ffd2a5ea1f0 a2=7ffd2a5ea1f0 
a3=3761643631303362 items=0 ppid=1 pid=9976 auid=4294967295 uid=107 gid=107 
euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) 
ses=4294967295 comm=qemu-kvm exe=/usr/libexec/qemu-kvm 
subj=system_u:system_r:svirt_t:s0:c427,c438 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,getattr

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from getattr access on the lnk_file 
/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have getattr access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on 
/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 
'/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 
'/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed getattr access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c333,c726
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                /rhev/data-center/mnt/blockSD/dcaf230c-
                              fa73-4022-9750-e5094669454d/images/71f18680-1b93
                              -4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b
                              3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-10-12 15:54:53 MSK
Last Seen                     2016-10-12 15:54:53 MSK
Local ID                      d0d2659a-8d2e-4aaf-835c-52075909e26d

Raw Audit Messages
type=AVC msg=audit(1476276893.916:1223): avc:  denied  { getattr } for  
pid=14956 comm="qemu-kvm" 
path="/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2"
 dev="dm-1" ino=493725 scontext=system_u:system_r:svirt_t:s0:c333,c726 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476276893.916:1223): arch=x86_64 syscall=lstat 
success=yes exit=0 a0=7fff316303c0 a1=7fff31630250 a2=7fff31630250 
a3=3761643631303362 items=0 ppid=1 pid=14956 auid=4294967295 uid=107 gid=107 
euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) 
ses=4294967295 comm=qemu-kvm exe=/usr/libexec/qemu-kvm 
subj=system_u:system_r:svirt_t:s0:c333,c726 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,getattr

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from read access on the lnk_file 
a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c333,c726
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                a3f29de7-c6b9-410e-b635-9b3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-10-12 15:54:53 MSK
Last Seen                     2016-10-12 15:54:53 MSK
Local ID                      198aced0-0959-4225-a11f-4d0bdc7c6fb9

Raw Audit Messages
type=AVC msg=audit(1476276893.916:1222): avc:  denied  { read } for  pid=14956 
comm="qemu-kvm" name="a3f29de7-c6b9-410e-b635-9b3016da7ba2" dev="dm-1" 
ino=493725 scontext=system_u:system_r:svirt_t:s0:c333,c726 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476276893.916:1222): arch=x86_64 syscall=open 
success=yes exit=ENOTDIR a0=7f67d8afc9a0 a1=80800 a2=0 a3=7f67cee3be90 items=0 
ppid=1 pid=14956 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 
egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm 
exe=/usr/libexec/qemu-kvm subj=system_u:system_r:svirt_t:s0:c333,c726 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,read

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from read access on the lnk_file 
a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c528,c994
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                a3f29de7-c6b9-410e-b635-9b3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-10-12 15:57:59 MSK
Last Seen                     2016-10-12 15:57:59 MSK
Local ID                      c585c5fe-d306-4068-ae5d-4bcd11052713

Raw Audit Messages
type=AVC msg=audit(1476277079.139:1290): avc:  denied  { read } for  pid=15482 
comm="qemu-kvm" name="a3f29de7-c6b9-410e-b635-9b3016da7ba2" dev="dm-1" 
ino=493725 scontext=system_u:system_r:svirt_t:s0:c528,c994 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476277079.139:1290): arch=x86_64 syscall=open 
success=yes exit=ENOTDIR a0=7f24c83c89a0 a1=80800 a2=0 a3=7f24bef4ee90 items=0 
ppid=1 pid=15482 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 
egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm 
exe=/usr/libexec/qemu-kvm subj=system_u:system_r:svirt_t:s0:c528,c994 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,read

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from getattr access on the lnk_file 
/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have getattr access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on 
/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 
'/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 
'/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed getattr access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c528,c994
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                /rhev/data-center/mnt/blockSD/dcaf230c-
                              fa73-4022-9750-e5094669454d/images/71f18680-1b93
                              -4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b
                              3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-10-12 15:57:59 MSK
Last Seen                     2016-10-12 15:57:59 MSK
Local ID                      2c34ef41-0709-47fb-811d-026772d7ba7c

Raw Audit Messages
type=AVC msg=audit(1476277079.140:1291): avc:  denied  { getattr } for  
pid=15482 comm="qemu-kvm" 
path="/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2"
 dev="dm-1" ino=493725 scontext=system_u:system_r:svirt_t:s0:c528,c994 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476277079.140:1291): arch=x86_64 syscall=lstat 
success=yes exit=0 a0=7fff3e371770 a1=7fff3e371600 a2=7fff3e371600 
a3=3761643631303362 items=0 ppid=1 pid=15482 auid=4294967295 uid=107 gid=107 
euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) 
ses=4294967295 comm=qemu-kvm exe=/usr/libexec/qemu-kvm 
subj=system_u:system_r:svirt_t:s0:c528,c994 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,getattr

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from read access on the lnk_file 
a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 'a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed read access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c489,c932
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                a3f29de7-c6b9-410e-b635-9b3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   2
First Seen                    2016-10-12 16:00:17 MSK
Last Seen                     2016-10-12 16:00:17 MSK
Local ID                      9848e909-d341-4fcb-b579-d835c4a3e962

Raw Audit Messages
type=AVC msg=audit(1476277217.301:1343): avc:  denied  { read } for  pid=15904 
comm="qemu-kvm" name="a3f29de7-c6b9-410e-b635-9b3016da7ba2" dev="dm-1" 
ino=493725 scontext=system_u:system_r:svirt_t:s0:c489,c932 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476277217.301:1343): arch=x86_64 syscall=readlink 
success=yes exit=EREMCHG a0=7ffcb6460140 a1=7ffcb645cf70 a2=fff 
a3=3761643631303362 items=0 ppid=1 pid=15904 auid=4294967295 uid=107 gid=107 
euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) 
ses=4294967295 comm=qemu-kvm exe=/usr/libexec/qemu-kvm 
subj=system_u:system_r:svirt_t:s0:c489,c932 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,read

--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/qemu-kvm from getattr access on the lnk_file 
/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow qemu-kvm to have getattr access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file
Then you need to change the label on 
/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2
Do
# semanage fcontext -a -t FILE_TYPE 
'/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2'
where FILE_TYPE is one of the following: admin_home_t, alsa_etc_rw_t, 
alsa_home_t, antivirus_home_t, audio_home_t, auth_home_t, bin_t, boot_t, 
cache_home_t, cert_t, chrome_sandbox_home_t, cifs_t, config_home_t, cvs_home_t, 
data_home_t, dbus_home_t, device_t, devlog_t, etc_runtime_t, etc_t, 
fetchmail_home_t, fonts_cache_t, fonts_t, fusefs_t, gconf_home_t, 
git_user_content_t, gkeyringd_gnome_home_t, gnome_home_t, gpg_secret_t, 
gstreamer_home_t, home_bin_t, home_cert_t, home_root_t, httpd_user_content_t, 
httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, irc_home_t, 
irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, ld_so_t, lib_t, 
local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, 
mandb_home_t, mnt_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, 
mplayer_home_t, mysqld_home_t, net_conf_t, nfs_t, openshift_var_lib_t, 
polipo_cache_home_t, polipo_config_home_t, proc_t, procmail_home_t, 
public_content_rw_t, public_content_t, pulseaudio_home_t, qemu_var_run_t, 
rlogind_home_t, root_t, rpm_script_tmp_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, 
screen_home_t, security_t, shell_exec_t, spamc_home_t, 
speech-dispatcher_home_t, src_t, ssh_home_t, svirt_home_t, svirt_image_t, 
svirt_tmp_t, svirt_tmpfs_t, sysfs_t, system_conf_t, system_db_t, 
systemd_home_t, telepathy_cache_home_t, telepathy_data_home_t, 
telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, 
telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, 
telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, 
telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, 
tmp_t, tvtime_home_t, uml_ro_t, uml_rw_t, usbfs_t, user_fonts_cache_t, 
user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, 
usr_t, var_run_t, var_t, virt_content_t, virt_etc_rw_t, virt_home_t, 
virt_image_t, virt_var_lib_t, virt_var_run_t, vmware_conf_t, vmware_file_t, 
wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t. 
Then execute: 
restorecon -v 
'/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that qemu-kvm should be allowed getattr access on the 
a3f29de7-c6b9-410e-b635-9b3016da7ba2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c489,c932
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                /rhev/data-center/mnt/blockSD/dcaf230c-
                              fa73-4022-9750-e5094669454d/images/71f18680-1b93
                              -4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b
                              3016da7ba2 [ lnk_file ]
Source                        qemu-kvm
Source Path                   /usr/libexec/qemu-kvm
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           qemu-kvm-ev-2.3.0-29.1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     node69-02.
Platform                      Linux node69-02.
                              3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18
                              13:04:29 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-10-12 16:00:17 MSK
Last Seen                     2016-10-12 16:00:17 MSK
Local ID                      5bb1ae49-1b66-4714-b4e7-d51d5792077f

Raw Audit Messages
type=AVC msg=audit(1476277217.301:1342): avc:  denied  { getattr } for  
pid=15904 comm="qemu-kvm" 
path="/rhev/data-center/mnt/blockSD/dcaf230c-fa73-4022-9750-e5094669454d/images/71f18680-1b93-4a2a-9bd1-95baeccf2d89/a3f29de7-c6b9-410e-b635-9b3016da7ba2"
 dev="dm-1" ino=493725 scontext=system_u:system_r:svirt_t:s0:c489,c932 
tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1476277217.301:1342): arch=x86_64 syscall=lstat 
success=yes exit=0 a0=7ffcb6460140 a1=7ffcb645ffd0 a2=7ffcb645ffd0 
a3=3761643631303362 items=0 ppid=1 pid=15904 auid=4294967295 uid=107 gid=107 
euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) 
ses=4294967295 comm=qemu-kvm exe=/usr/libexec/qemu-kvm 
subj=system_u:system_r:svirt_t:s0:c489,c932 key=(null)

Hash: qemu-kvm,svirt_t,unlabeled_t,lnk_file,getattr

found 0 alerts in /var/log/audit/audit.log
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Reply via email to