Hi, while testing oVirt for 4.5 alpha I noticed on the ovirt-engine side:
# ausearch -m avc|grep den
type=AVC msg=audit(1646758341.539:780): avc: denied { search } for pid=38783 comm="modprobe" name="events" dev="tracefs" ino=45 scontext=system_u:system_r:openvswitch_load_module_t:s0 tcontext=system_u:object_r:tracefs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1646758341.539:780): avc: denied { search } for pid=38783 comm="modprobe" name="events" dev="tracefs" ino=45 scontext=system_u:system_r:openvswitch_load_module_t:s0 tcontext=system_u:object_r:tracefs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1646881861.570:998): avc: denied { write } for pid=97466 comm="ovs-appctl" name="ovnnb_db.ctl" dev="tmpfs" ino=195196 scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1646881861.573:999): avc: denied { write } for pid=97467 comm="ovs-appctl" name="ovn-northd.38883.ctl" dev="tmpfs" ino=195260 scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1646881861.575:1000): avc: denied { write } for pid=97468 comm="ovs-appctl" name="ovnsb_db.ctl" dev="tmpfs" ino=198897 scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1646969461.086:1037): avc: denied { write } for pid=122222 comm="ovs-appctl" name="ovnnb_db.ctl" dev="tmpfs" ino=195196 scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1646969461.089:1038): avc: denied { write } for pid=122223 comm="ovs-appctl" name="ovn-northd.38883.ctl" dev="tmpfs" ino=195260 scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1646969461.091:1039): avc: denied { write } for pid=122224 comm="ovs-appctl" name="ovnsb_db.ctl" dev="tmpfs" ino=198897 scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1647265858.456:54): avc: denied { search } for pid=1245 comm="modprobe" name="events" dev="tracefs" ino=45 scontext=system_u:system_r:openvswitch_load_module_t:s0 tcontext=system_u:object_r:tracefs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1647265858.456:54): avc: denied { search } for pid=1245 comm="modprobe" name="events" dev="tracefs" ino=45 scontext=system_u:system_r:openvswitch_load_module_t:s0 tcontext=system_u:object_r:tracefs_t:s0 tclass=dir permissive=0

Involved packages are:

dnf list installed "*openvswitch*"
Installed Packages
centos-release-nfv-openvswitch.noarch        1-3.el8          @extras
openvswitch-selinux-extra-policy.noarch      1.0-28.el8       @centos-nfv-openvswitch
openvswitch2.15.x86_64                       2.15.0-81.el8s   @centos-nfv-openvswitch
ovirt-openvswitch.noarch                     2.15-3.el8       @centos-ovirt45-testing
ovirt-openvswitch-ovn.noarch                 2.15-3.el8       @centos-ovirt45-testing
ovirt-openvswitch-ovn-central.noarch         2.15-3.el8       @centos-ovirt45-testing
ovirt-openvswitch-ovn-common.noarch          2.15-3.el8       @centos-ovirt45-testing
ovirt-python-openvswitch.noarch              2.15-3.el8       @centos-ovirt45-testing
python3-openvswitch2.15.x86_64               2.15.0-81.el8s   @centos-nfv-openvswitch

As the openvswitch packages are coming from centos-release-nfv-openvswitch, I am reporting this to centos devel (no more specific location is mentioned on https://wiki.centos.org/ReportBugs).
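
Added example, not part of the original report and not oVirt or CentOS tooling: a small Python parser that collapses AVC records like the ones above into distinct denials, keyed by source type, target type, object class and permission, so that repeated records and recurring events show up as one entry each. The function names `parse_avc` and `summarize` are hypothetical; the five sample lines are copied from the report.

```python
import re
from collections import defaultdict

# Five records copied verbatim from the report above (events 780, 998-1000).
SAMPLE = """\
type=AVC msg=audit(1646758341.539:780): avc: denied { search } for pid=38783 comm="modprobe" name="events" dev="tracefs" ino=45 scontext=system_u:system_r:openvswitch_load_module_t:s0 tcontext=system_u:object_r:tracefs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1646758341.539:780): avc: denied { search } for pid=38783 comm="modprobe" name="events" dev="tracefs" ino=45 scontext=system_u:system_r:openvswitch_load_module_t:s0 tcontext=system_u:object_r:tracefs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1646881861.570:998): avc: denied { write } for pid=97466 comm="ovs-appctl" name="ovnnb_db.ctl" dev="tmpfs" ino=195196 scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1646881861.573:999): avc: denied { write } for pid=97467 comm="ovs-appctl" name="ovn-northd.38883.ctl" dev="tmpfs" ino=195260 scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1646881861.575:1000): avc: denied { write } for pid=97468 comm="ovs-appctl" name="ovnsb_db.ctl" dev="tmpfs" ino=198897 scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
"""

AVC_RE = re.compile(
    r"msg=audit\([\d.]+:(?P<serial>\d+)\):\s+avc:\s+denied\s+"
    r"\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)"
)

def parse_avc(line):
    """Parse one AVC denial into a dict, or return None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # Fields are space-separated key=value pairs; string values are quoted.
    f = {k: v.strip('"') for k, v in
         (kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)}
    if not {"scontext", "tcontext", "tclass"} <= f.keys():
        return None
    return {
        "serial": int(m["serial"]),
        "perms": tuple(m["perms"].split()),
        "name": f.get("name"),
        # A context is user:role:type:level; policy decisions key on the type.
        "source": f["scontext"].split(":")[2],
        "target": f["tcontext"].split(":")[2],
        "tclass": f["tclass"],
    }

def summarize(text):
    """Group denials by (source type, target type, class, perms)."""
    groups = defaultdict(lambda: {"events": set(), "names": set()})
    for rec in filter(None, map(parse_avc, text.splitlines())):
        g = groups[(rec["source"], rec["target"], rec["tclass"], rec["perms"])]
        g["events"].add(rec["serial"])   # repeated records of one event count once
        g["names"].add(rec["name"])
    return dict(groups)

if __name__ == "__main__":
    for key, g in summarize(SAMPLE).items():
        print(key, len(g["events"]), sorted(g["names"]))
```

On these lines the output is two groups: `openvswitch_load_module_t` searching a `tracefs_t` directory (one event), and `openvswitch_t` writing to `var_run_t` socket files (three events, three control sockets).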