Bug 222356

Summary: Errors when creating VM with virt-manager
Product: [Fedora] Fedora Reporter: Adam Huffman <bloch>
Component: xenAssignee: Xen Maintainance List <xen-maint>
Status: CLOSED CURRENTRELEASE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 6CC: bstein, katzj
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: xen-3.0.3-8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-04-02 12:31:22 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Attachments:
Description Flags
SELinux error
none
Another SELinux error from this attempt at VM creation
none
Xen config
none
More SELinux errors
none
xend.log from the relevant day none

Description Adam Huffman 2007-01-11 15:31:35 EST
Description of problem:
While trying to create fully virtualized guests, SELinux errors are reported.

Version-Release number of selected component (if applicable):
xen-3.0.3-1.fc6

How reproducible:
Every time

Steps to Reproduce:
1. Use graphical VM creator
2. 
3.
  
Actual results:
Error reported at final stage

Expected results:
New virtual machine is created

Additional info:
Comment 1 Adam Huffman 2007-01-11 15:31:35 EST
Created attachment 145389 [details]
SELinux error
Comment 2 Adam Huffman 2007-01-11 15:33:40 EST
Created attachment 145390 [details]
Another SELinux error from this attempt at VM creation
Comment 3 Adam Huffman 2007-01-11 15:34:38 EST
The error reported by the application was:

Error: Device 768 (vbd) could not be connected. Hotplug scripts not working
Comment 4 Stephen Tweedie 2007-01-11 18:32:14 EST
Could you post your guest config file please?  
Comment 5 Adam Huffman 2007-01-12 13:02:51 EST
I couldn't find any config files as I'd deleted the last two attempts.  Just now
I've tried again and it's worked, for the first time.

I'll try again and if that works too, I'll close the bug.  

Perhaps a different update has cured the problem?
Comment 6 Adam Huffman 2007-01-12 13:08:56 EST
Actually, the new virtual machine crashed during installation, but at least the
Xen errors didn't recur.
Comment 7 Adam Huffman 2007-01-12 13:15:57 EST
Trying again now, and there are SElinux denials, but against net-tools.
Comment 8 Adam Huffman 2007-01-12 13:18:35 EST
Created attachment 145473 [details]
Xen config
Comment 9 Adam Huffman 2007-01-12 13:20:28 EST
Created attachment 145474 [details]
More SELinux errors

Net-related error triggered during virtual machine creation - should this be
filed separately, against net-tools?
Comment 10 Daniel Berrange 2007-01-12 13:25:13 EST
Nope, the SELinux report here is misleading - this definitely looks like a bug
in XenD / Xen networking scripts, rather than net-tools. I suspect its failing
to close a filehandle before running the net scripts.

What version of the SELinux policy have you got installed ?
Comment 11 Adam Huffman 2007-01-12 13:38:44 EST
2.4.6-17
Comment 12 Stephen Tweedie 2007-01-12 16:00:44 EST
OK, can you please post /var/log/xen/xend.log output from the failed attempt to
launch the guest?
Comment 13 Adam Huffman 2007-01-15 07:55:00 EST
Created attachment 145570 [details]
xend.log from the relevant day
Comment 14 Trolle Selander 2007-01-15 08:22:22 EST
I've encountered this issue too. It may be a dupe of bug #214700 - check if your
xen bridge is named xenbr1 instead of xenbr0.
Comment 15 Daniel Berrange 2007-01-15 08:32:36 EST
WRT to comment #14 - we no longer hardcode xenbr0 - provided you have
python-virtinst >= 0.97 installed, virt-manager will automatically pick the
correct bridge device based on info from the host routing tables.
Comment 16 Stephen Tweedie 2007-01-15 10:55:26 EST
re comment #9, "Net-related error triggered during virtual machine creation -
should this be filed separately, against net-tools?":

Yes thanks, separate bugs need separate bugzillas, it's not possible to track
what's going on otherwise.
Comment 17 Adam Huffman 2007-01-16 14:06:54 EST
The xen bridge is xenbr0 and I do meet those python-virtinst version requirements.

I have filed a separate bug against net-tools.
Comment 18 Daniel Berrange 2007-03-27 11:24:32 EDT
There was a recent update to the Xen RPM in FC6 which fixed a bug where QEMU
would leak file handles to the networking script, which in turn caused SELinux
AVCs. 

* Tue Mar  6 2007 Daniel P. Berrange <berrange@redhat.com> - 3.0.3-7.fc6
- Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)
- Fix ia64 shadow page table mode
- Close QEMU file handles when running network script

Please update to at least  3.0.3-7.fc6,  restart XenD and then try & reproduce
the problem again.
Comment 19 Adam Huffman 2007-04-02 12:31:22 EDT
Yes, that seems to have fixed the problem.