New versions of libvirt separate log functionality from the main code into a new virtlogd daemon. The new daemon is not defined in the sec-policy/selinux-virt module policy.
# eselect rc start libvirtd
Starting init script
* Caching service dependencies ... [ ok ]
* Starting virtlogd ...
2017-10-14 18:32:30.385+0000: 4584: info : libvirt version: 3.6.0
2017-10-14 18:32:30.385+0000: 4584: info : hostname: XXXX
2017-10-14 18:32:30.385+0000: 4584: error : main:972 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf
* start-stop-daemon: failed to start `/usr/sbin/virtlogd'
* Failed to start virtlogd [ !! ]
* ERROR: virtlogd failed to start
* ERROR: cannot start libvirtd as virtlogd would not start
# ls -lZ `which virtlogd`
-rwxr-xr-x. 1 root root system_u:object_r:bin_t:s0 712112 Oct 14 21:27 /usr/sbin/virtlogd
# matchpathcon /usr/sbin/virtlogd
# qlist -ICv sec-policy/selinux-virt
The last unstable sec-policy/selinux-virt version 2.20170805-r2 still does not contain a virtlogd type definition with related resource access.
Yeah, I've got some tentative patches for this but haven't gotten around to cleaning them up and merging yet :(
It used to work before; I'm not sure if there have been more changes that need updating. I'll try and clean these up soon.
# seinfo -t virtlogd_t -x
type virtlogd_t, domain, daemon;
I can see the type already in policy.
Do you want any other action to be taken?