>It took me two nights to figure out that SELinux prevents qemu-libvirt to read certain ROM files that I need.
That is not too hard to imagine. Basically, the rationale is that if qemu/libvirt can read your ROM file, it can probably read other files too, some of which might be sensitive. So the defaults are conservative. Unless your rom file is in a standard location where it expects, it won't read even if the permissions are 644.
>So after scratching my head, I just turned it off altogether
selinux is annoying, but it is worth persisting. Nowadays, most things work well. I think things are bit more stable in RHEL/CentOS than Fedora by definition. So maybe you can try that if you are getting too many selinux related problems.
This could help: https://people.redhat.com/duffy/selinux/selinux-coloring-boo...
>It took me two nights to figure out that SELinux prevents qemu-libvirt to read certain ROM files that I need.
That is not too hard to imagine. Basically, the rationale is that if qemu/libvirt can read your ROM file, it can probably read other files too, some of which might be sensitive. So the defaults are conservative. Unless your rom file is in a standard location where it expects, it won't read even if the permissions are 644.
>So after scratching my head, I just turned it off altogether
selinux is annoying, but it is worth persisting. Nowadays, most things work well. I think things are bit more stable in RHEL/CentOS than Fedora by definition. So maybe you can try that if you are getting too many selinux related problems.