Bug 1149600 - I think SELinux blocks gnome-boxes (libvirt) with bridged networking
Status: CLOSED DUPLICATE of bug 1147057
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 21
Hardware: Unspecified
OS: Unspecified
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Reported: 2014-10-06 08:00 UTC by Elad Alfassa
Modified: 2014-10-06 09:17 UTC (History)

Doc Type: Bug Fix
Last Closed: 2014-10-06 09:17:30 UTC
Type: Bug

Description Elad Alfassa 2014-10-06 08:00:47 UTC
When trying to start a Boxes machine that has bridged networking configured, I see these errors in my logs:


Oct 06 10:49:30 rincewind libvirtd[3110]: Unable to open vhost-net. Opened so far 0, requested 1
Oct 06 10:49:30 rincewind libvirtd[3110]: unable to set security context 'system_u:object_r:tun_tap_device_t:s0:c1006,c1016' on fd 21: Operation not permitted
Oct 06 10:49:30 rincewind libvirtd[3110]: Failed to open file '/sys/class/net/tap0/operstate': No such file or directory
Oct 06 10:49:30 rincewind libvirtd[3110]: unable to read: /sys/class/net/tap0/operstate: No such file or directory
Oct 06 10:49:30 rincewind libvirtd[706]: Failed to open file '/sys/class/net/tap0/operstate': No such file or directory
Oct 06 10:49:30 rincewind libvirtd[706]: unable to read: /sys/class/net/tap0/operstate: No such file or directory



type=ANOM_PROMISCUOUS msg=audit(1412582369.389:186): dev=tap0 prom=256 old_prom=0 auid=1000 uid=1000 gid=1000 ses=1
type=SYSCALL msg=audit(1412582369.389:186): arch=c000003e syscall=16 success=yes exit=0 a0=5 a1=89a2 a2=7fffb218aef0 a3=7ff557e10500 items=0 ppid=3110 pid=5718 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm="qemu-bridge-hel" exe="/usr/libexec/qemu-bridge-helper" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=PROCTITLE msg=audit(1412582369.389:186): proctitle=2F7573722F6C6962657865632F71656D752D6272696467652D68656C706572002D2D7573652D766E6574002D2D62723D766972627230002D2D66643D3231
type=ANOM_PROMISCUOUS msg=audit(1412582369.404:187): dev=tap0 prom=0 old_prom=256 auid=1000 uid=1000 gid=1000 ses=1



The SELinux troubleshooter does not see this error.


This error causes the VM to fail to start. If I setenforce 0, it starts correctly.

Comment 1 Miroslav Grepl 2014-10-06 09:01:41 UTC
Yes, we have bugs for libvirtd.

Comment 2 Miroslav Grepl 2014-10-06 09:17:30 UTC

*** This bug has been marked as a duplicate of bug 1147057 ***

