Bug 1127159 - libvirt can attach interface to a bridge in session mode
Summary: libvirt can attach interface to a bridge in session mode
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.1
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Erik Skultety
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2014-08-06 09:58 UTC by Luyao Huang
Modified: 2014-09-26 14:48 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-09-26 12:43:14 UTC



Description Luyao Huang 2014-08-06 09:58:11 UTC
Description of problem:
libvirt can attach interface to a bridge in session mode

Version-Release number of selected component (if applicable):
libvirt-1.2.7-1.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.$ virsh uri
qemu:///session

2.$ virsh dumpxml sdsd
    <interface type='network'>
      <mac address='52:54:00:c2:0b:e9'/>
      <source network='host-bridge'/>
      <model type='rtl8139'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </interface>



3.$ virsh net-list --all
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 host-bridge          active     no            yes

4.$ virsh net-dumpxml host-bridge
<network connections='1'>
  <name>host-bridge</name>
  <uuid>3b251430-0eb4-4670-96e5-9ddd6d0bd90f</uuid>
  <forward mode='bridge'/>
  <bridge name='virbr0'/>      <--------------------must use bridge named this
</network>

5.$ brctl show
bridge name        bridge id                STP enabled        interfaces
virbr0                8000.525400a70ba2        yes                virbr0-nic

6.$ virsh start sdsd
Domain sdsd started

7.$ brctl show
bridge name        bridge id                STP enabled        interfaces
virbr0                8000.525400a70ba2        yes                tap0
                                                        virbr0-nic
8.$ virsh domiflist sdsd
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap0       bridge     virbr0     rtl8139     52:54:00:c2:0b:e9

9.$ ip link

14: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr0 state UNKNOWN mode DEFAULT qlen 500
    link/ether fe:21:e1:f5:ae:bf brd ff:ff:ff:ff:ff:ff


10.$ ip link del tap0
RTNETLINK answers: Operation not permitted

11.$ virsh destroy sdsd
Domain sdsd destroyed

12.$ ip link

Actual results:
libvirt will add a new interface to virbr0 when starting the guest

Expected results:
libvirt should not attach an interface to a bridge in session mode, and the guest can't
start, reporting an error like:
error: Failed to start domain test
error: failed to retrieve file descriptor for interface: Transport
endpoint is not connected


Additional info:

If I use a bridge named virbr1 or another, I can't start the guest and no
new interface is added by libvirt. The error is just like:

$ virsh start test
error: Failed to start domain test
error: failed to retrieve file descriptor for interface: Transport
endpoint is not connected
(also, this error message is not clear enough)

And found some logs:

tailf /var/log/message:
...
Aug  6 14:45:40 localhost kernel: device tap0 left promiscuous mode
Aug  6 14:45:40 localhost kernel: virbr0: port 1(tap0) entered disabled state
Aug  6 14:45:40 localhost kvm: 0 guests now active
Aug  6 14:45:41 localhost kernel: device tap0 entered promiscuous mode
Aug  6 14:45:41 localhost kvm: 1 guest now active
...

I don't know if it is a kind of elevation of privilege, so I set it private first.

Comment 3 Erik Skultety 2014-09-26 12:43:14 UTC
First of all, the VM should fail to start (tested on RHEL 7 & Fedora 20) with an error "unable to set security context" when trying to label a tap device. Secondly, we do check for user privileges; however, we rely on qemu-bridge-helper (https://wiki.archlinux.org/index.php/QEMU#Bridged_networking_using_qemu-bridge-helper), which is available since QEMU 1.1 and permits creating a tap device on an existing bridge.
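
The mechanism Comment 3 points at is worth making concrete for anyone triaging a similar report. qemu-bridge-helper is a small privileged helper (setuid root or carrying CAP_NET_ADMIN as a file capability) that an unprivileged QEMU invokes to create a tap and enslave it to a bridge, and it only does so for bridges listed in its ACL file. That ACL is why the reporter could only ever attach to virbr0: the distribution default ACL allows just that bridge. The script below is an added audit example, not code from the bug report, libvirt or QEMU; it checks how the helper is privileged and re-implements the ACL evaluation (allow/deny/all/include, top to bottom, first match wins, unmatched means denied) so you can ask "which bridges can a session-mode guest on this host reach?" without starting a guest. The helper path /usr/libexec/qemu-bridge-helper, the ACL paths (/etc/qemu/bridge.conf on Fedora, /etc/qemu-kvm/bridge.conf on RHEL 7) and the sample ACL contents are assumptions for the example, and the ownership check uses GNU stat.

```shell
#!/bin/bash
# Audit example for qemu-bridge-helper (added here; not part of the bug report,
# libvirt or QEMU). Assumptions, not facts from the page: the helper lives at
# /usr/libexec/qemu-bridge-helper, its ACL is /etc/qemu/bridge.conf (Fedora) or
# /etc/qemu-kvm/bridge.conf (RHEL 7), and ACL lines look like
#   allow <bridge> | deny <bridge> | allow all | deny all | include <file>
# evaluated top to bottom, first match wins, nothing matched => denied.

# acl_verdict CONF BRIDGE: print "allow", "deny" or "none" (no rule matched).
# "include" files are evaluated in place, so a match inside one wins as well.
acl_verdict() {
    local conf=$1 br=$2 line sub
    [ -r "$conf" ] || { echo none; return; }
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                 # strip trailing comments
        set -- $line                     # word-split: $1 keyword, $2 argument
        [ $# -ge 2 ] || continue         # blank, comment-only or malformed line
        case $1 in
            allow)   if [ "$2" = all ] || [ "$2" = "$br" ]; then echo allow; return; fi ;;
            deny)    if [ "$2" = all ] || [ "$2" = "$br" ]; then echo deny;  return; fi ;;
            include) sub=$(acl_verdict "$2" "$br")
                     if [ "$sub" != none ]; then echo "$sub"; return; fi ;;
        esac
    done < "$conf"
    echo none
}

# bridge_allowed CONF BRIDGE: exit 0 if an unprivileged user may attach to BRIDGE.
bridge_allowed() {
    [ "$(acl_verdict "$1" "$2")" = allow ]
}

# helper_privs PATH: how does the helper get CAP_NET_ADMIN?
# Prints "setuid" (setuid root), "fscap" (file capability), "none" or "missing".
helper_privs() {
    local helper=$1
    [ -e "$helper" ] || { echo missing; return; }
    if [ -u "$helper" ] && [ "$(stat -c %u "$helper" 2>/dev/null)" = 0 ]; then
        echo setuid
    elif command -v getcap >/dev/null 2>&1 \
         && getcap "$helper" 2>/dev/null | grep -q cap_net_admin; then
        echo fscap
    else
        echo none
    fi
}

# write_sample_acl DIR: create a constructed ACL under DIR and print its path.
# The contents are made up for this example; "allow virbr0" mirrors the
# distribution default that explains the reporter's "must use virbr0" finding.
write_sample_acl() {
    local dir=$1
    cat >"$dir/site.conf" <<EOF
allow br-lab
EOF
    cat >"$dir/bridge.conf" <<EOF
deny br-mgmt                # first match wins: keep the management bridge closed
allow virbr0                # distribution default
include $dir/site.conf      # site-local additions, evaluated at this position
EOF
    echo "$dir/bridge.conf"
}

# Demo: which bridges would a session-mode guest be allowed onto?
tmp=$(mktemp -d)
conf=$(write_sample_acl "$tmp")
for br in virbr0 br-lab br-mgmt virbr1; do
    if bridge_allowed "$conf" "$br"; then echo "$br: allowed"; else echo "$br: denied"; fi
done
rm -rf "$tmp"
echo "helper privilege: $(helper_privs /usr/libexec/qemu-bridge-helper)"
```

Run it against the real ACL (`acl_verdict /etc/qemu-kvm/bridge.conf virbr0`) to see the host policy; on the reporter's host only virbr0 would come back "allow", matching the failures seen with virbr1. If session-mode guests must never reach a host bridge, the lever is the ACL (a lone `deny all`, or an empty file) or removing the setuid bit/capability from the helper, not libvirt, since libvirt deliberately delegates this decision to the helper.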

Comment 4 Laine Stump 2014-09-26 14:48:10 UTC
Correct. This is specifically requested and supported behavior. Without it, session mode guests would be limited to usermode networking.

