Bug 1149600

Summary: I think SELinux blocks gnome-boxes (libvirt) with bridged networking
Product: [Fedora] Fedora
Reporter: Elad Alfassa <elad>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 21
CC: dominick.grift, dwalsh, lvrabec, mgrepl, plautrba
Doc Type: Bug Fix
Last Closed: 2014-10-06 09:17:30 UTC
Type: Bug

Description Elad Alfassa 2014-10-06 08:00:47 UTC
When trying to start a Boxes machine that has bridged networking configured, I see these errors in my logs:


Oct 06 10:49:30 rincewind libvirtd[3110]: Unable to open vhost-net. Opened so far 0, requested 1
Oct 06 10:49:30 rincewind libvirtd[3110]: unable to set security context 'system_u:object_r:tun_tap_device_t:s0:c1006,c1016' on fd 21: Operation not permitted
Oct 06 10:49:30 rincewind libvirtd[3110]: Failed to open file '/sys/class/net/tap0/operstate': No such file or directory
Oct 06 10:49:30 rincewind libvirtd[3110]: unable to read: /sys/class/net/tap0/operstate: No such file or directory
Oct 06 10:49:30 rincewind libvirtd[706]: Failed to open file '/sys/class/net/tap0/operstate': No such file or directory
Oct 06 10:49:30 rincewind libvirtd[706]: unable to read: /sys/class/net/tap0/operstate: No such file or directory



type=ANOM_PROMISCUOUS msg=audit(1412582369.389:186): dev=tap0 prom=256 old_prom=0 auid=1000 uid=1000 gid=1000 ses=1
type=SYSCALL msg=audit(1412582369.389:186): arch=c000003e syscall=16 success=yes exit=0 a0=5 a1=89a2 a2=7fffb218aef0 a3=7ff557e10500 items=0 ppid=3110 pid=5718 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm="qemu-bridge-hel" exe="/usr/libexec/qemu-bridge-helper" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=PROCTITLE msg=audit(1412582369.389:186): proctitle=2F7573722F6C6962657865632F71656D752D6272696467652D68656C706572002D2D7573652D766E6574002D2D62723D766972627230002D2D66643D3231
type=ANOM_PROMISCUOUS msg=audit(1412582369.404:187): dev=tap0 prom=0 old_prom=256 auid=1000 uid=1000 gid=1000 ses=1



The SELinux troubleshooter does not see this error.


This error causes the VM to fail to start. If I setenforce 0, it starts correctly.

Comment 1 Miroslav Grepl 2014-10-06 09:01:41 UTC
Yes, we have bugs for libvirtd.

Comment 2 Miroslav Grepl 2014-10-06 09:17:30 UTC

*** This bug has been marked as a duplicate of bug 1147057 ***