Failure to start VM on CentOS 8 with console log enabled due to SELinux

[markgoddard]

The console log directory defaults to /var/log/libvirt-consoles/. On CentOS 8 with SELinux enabled this causes VMs to fail to start, since virtlogd can't access the log file.

[b1r63r]

module my-virtlogd-07 1.0;

require { type var_log_t; type virtlogd_t; class capability { dac_override dac_read_search }; class dir { add_name remove_name write }; class file { create open unlink }; }

#============= virtlogd_t ==============

#!!!! This avc is allowed in the current policy allow virtlogd_t self:capability { dac_override dac_read_search };

#!!!! This avc is allowed in the current policy allow virtlogd_t var_log_t:dir { add_name remove_name write }; allow virtlogd_t var_log_t:file unlink;

#!!!! This avc is allowed in the current policy allow virtlogd_t var_log_t:file { create open };

[b1r63r]

this seems to fix it on my stream 8 test server, but may not be the correct fix.