Justin Taft - Home / Posts

Applying SELinux Tags To Allow Cross-VM Disk Access

Fedora uses SELinux’s Multi-Category Security (MCS) to restrict VMs from accessing other VMs’ backing disks. Each VM is assigned a randomized category number when it starts. Accessing a VM disk file from another running VM, such as by sharing a directory, causes an error similar to the following to be logged by systemd: audit[26742]: AVC avc: denied…
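To show how the category mismatch appears in such a denial, here is an added example (not code from the original post) that parses an AVC record and reports which MCS categories on the target the source process lacks. The sample record, its category numbers and the function names are constructed for illustration, and contexts are assumed to use the simple `user:role:type:level:categories` form.

```python
import re

# Constructed sample record (not from the original post): one VM's QEMU
# process (categories c10,c20) reading another VM's disk image (c30,c40).
SAMPLE_AVC = (
    'audit[1234]: AVC avc:  denied  { read } for  pid=1234 comm="qemu-system-x86" '
    'name="other-vm.qcow2" dev="dm-0" ino=42 '
    'scontext=system_u:system_r:svirt_t:s0:c10,c20 '
    'tcontext=system_u:object_r:svirt_image_t:s0:c30,c40 '
    'tclass=file permissive=0'
)

def categories(context):
    """Return the set of MCS category numbers in an SELinux context string."""
    parts = context.split(":", 4)  # user:role:type:sensitivity[:categories]
    cats = set()
    if len(parts) < 5:
        return cats  # no category field, e.g. a plain "s0" level
    for item in parts[4].split(","):
        if "." in item:  # range form such as c0.c1023
            lo, hi = (int(c[1:]) for c in item.split("."))
            cats.update(range(lo, hi + 1))
        else:
            cats.add(int(item[1:]))
    return cats

def explain_denial(line):
    """Parse one AVC denial; report target categories the source does not hold."""
    m = re.search(r"scontext=(\S+) tcontext=(\S+) tclass=(\S+)", line)
    if not m or "denied" not in line:
        return None
    src, tgt = categories(m.group(1)), categories(m.group(2))
    missing = tgt - src  # MCS requires the source to hold every target category
    return {
        "tclass": m.group(3),
        "source_categories": sorted(src),
        "target_categories": sorted(tgt),
        "missing": sorted(missing),
        "mcs_mismatch": bool(missing),
    }

if __name__ == "__main__":
    print(explain_denial(SAMPLE_AVC))
```

An empty `missing` list means the categories line up and the denial comes from a type-enforcement rule instead.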