
Bug 1149600

Summary: I think SELinux blocks gnome-boxes (libvirt) with bridged networking
Product: [Fedora] Fedora
Reporter: Elad Alfassa <elad>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 21
CC: dominick.grift, dwalsh, lvrabec, mgrepl, plautrba
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2014-10-06 09:17:30 UTC
Type: Bug

Description Elad Alfassa 2014-10-06 08:00:47 UTC
When trying to start a Boxes machine that has bridged networking configured, I see these errors in my logs:


Oct 06 10:49:30 rincewind libvirtd[3110]: Unable to open vhost-net. Opened so far 0, requested 1
Oct 06 10:49:30 rincewind libvirtd[3110]: unable to set security context 'system_u:object_r:tun_tap_device_t:s0:c1006,c1016' on fd 21: Operation not permitted
Oct 06 10:49:30 rincewind libvirtd[3110]: Failed to open file '/sys/class/net/tap0/operstate': No such file or directory
Oct 06 10:49:30 rincewind libvirtd[3110]: unable to read: /sys/class/net/tap0/operstate: No such file or directory
Oct 06 10:49:30 rincewind libvirtd[706]: Failed to open file '/sys/class/net/tap0/operstate': No such file or directory
Oct 06 10:49:30 rincewind libvirtd[706]: unable to read: /sys/class/net/tap0/operstate: No such file or directory



type=ANOM_PROMISCUOUS msg=audit(1412582369.389:186): dev=tap0 prom=256 old_prom=0 auid=1000 uid=1000 gid=1000 ses=1
type=SYSCALL msg=audit(1412582369.389:186): arch=c000003e syscall=16 success=yes exit=0 a0=5 a1=89a2 a2=7fffb218aef0 a3=7ff557e10500 items=0 ppid=3110 pid=5718 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm="qemu-bridge-hel" exe="/usr/libexec/qemu-bridge-helper" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=PROCTITLE msg=audit(1412582369.389:186): proctitle=2F7573722F6C6962657865632F71656D752D6272696467652D68656C706572002D2D7573652D766E6574002D2D62723D766972627230002D2D66643D3231
type=ANOM_PROMISCUOUS msg=audit(1412582369.404:187): dev=tap0 prom=0 old_prom=256 auid=1000 uid=1000 gid=1000 ses=1



The SELinux troubleshooter does not see this error.

This error causes the VM to fail to start. If I setenforce 0, it starts correctly.
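
Added example (not part of the original report and not Fedora or libvirt code): a small Python parser that groups the audit records quoted above by event serial and decodes the hex-encoded PROCTITLE, so the command line behind event 186 can be read. The function names are hypothetical; the sample lines are copied from the report.

```python
import re
from collections import defaultdict

# Audit records copied verbatim from the report above.
SAMPLE = """\
type=ANOM_PROMISCUOUS msg=audit(1412582369.389:186): dev=tap0 prom=256 old_prom=0 auid=1000 uid=1000 gid=1000 ses=1
type=SYSCALL msg=audit(1412582369.389:186): arch=c000003e syscall=16 success=yes exit=0 a0=5 a1=89a2 a2=7fffb218aef0 a3=7ff557e10500 items=0 ppid=3110 pid=5718 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm="qemu-bridge-hel" exe="/usr/libexec/qemu-bridge-helper" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=PROCTITLE msg=audit(1412582369.389:186): proctitle=2F7573722F6C6962657865632F71656D752D6272696467652D68656C706572002D2D7573652D766E6574002D2D62723D766972627230002D2D66643D3231
type=ANOM_PROMISCUOUS msg=audit(1412582369.404:187): dev=tap0 prom=0 old_prom=256 auid=1000 uid=1000 gid=1000 ses=1
"""

HEADER = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def decode_proctitle(raw):
    """Return argv. The audit subsystem quotes safe strings and hex-encodes
    the rest; a command line holds NUL separators, so it arrives as hex."""
    if raw.startswith('"'):
        return [raw.strip('"')]
    try:
        return bytes.fromhex(raw).decode("utf-8", "replace").split("\x00")
    except ValueError:
        return [raw]  # neither quoted nor hex, e.g. "(null)"


def parse_events(text):
    """Group records by audit serial: {serial: [(record_type, fields), ...]}."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an audit record (e.g. a journal line)
        rtype, _ts, serial, body = m.groups()
        raw = dict(FIELD.findall(body))
        fields = {k: v.strip('"') for k, v in raw.items()}
        if rtype == "PROCTITLE":
            fields["argv"] = decode_proctitle(raw["proctitle"])
        events[int(serial)].append((rtype, fields))
    return dict(events)


def record_types(events):
    """All record types seen, e.g. to check whether any AVC denial was logged."""
    return {rtype for records in events.values() for rtype, _ in records}


if __name__ == "__main__":
    events = parse_events(SAMPLE)
    for serial, records in sorted(events.items()):
        for rtype, f in records:
            print(serial, rtype, f.get("argv") or f.get("exe") or f.get("dev"))
    print("AVC record present:", "AVC" in record_types(events))
```

For event 186 the decoded argv is `/usr/libexec/qemu-bridge-helper --use-vnet --br=virbr0 --fd=21`, and none of the quoted records is of type AVC. On x86_64 (arch=c000003e) syscall=16 is ioctl, and a1=89a2 is the SIOCBRADDIF request.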

Comment 1 Miroslav Grepl 2014-10-06 09:01:41 UTC
Yes, we have bugs for libvirtd.

Comment 2 Miroslav Grepl 2014-10-06 09:17:30 UTC

*** This bug has been marked as a duplicate of bug 1147057 ***