Bug 1149600 - I think SELinux blocks gnome-boxes (libvirt) with bridged networking
Summary: I think SELinux blocks gnome-boxes (libvirt) with bridged networking
Keywords:
Status: CLOSED DUPLICATE of bug 1147057
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 21
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2014-10-06 08:00 UTC by Elad Alfassa
Modified: 2014-10-06 09:17 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-06 09:17:30 UTC
Type: Bug
Embargoed:



Description Elad Alfassa 2014-10-06 08:00:47 UTC
When trying to start a Boxes machine that has bridged networking configured, I see these errors in my logs:


Oct 06 10:49:30 rincewind libvirtd[3110]: Unable to open vhost-net. Opened so far 0, requested 1
Oct 06 10:49:30 rincewind libvirtd[3110]: unable to set security context 'system_u:object_r:tun_tap_device_t:s0:c1006,c1016' on fd 21: Operation not permitted
Oct 06 10:49:30 rincewind libvirtd[3110]: Failed to open file '/sys/class/net/tap0/operstate': No such file or directory
Oct 06 10:49:30 rincewind libvirtd[3110]: unable to read: /sys/class/net/tap0/operstate: No such file or directory
Oct 06 10:49:30 rincewind libvirtd[706]: Failed to open file '/sys/class/net/tap0/operstate': No such file or directory
Oct 06 10:49:30 rincewind libvirtd[706]: unable to read: /sys/class/net/tap0/operstate: No such file or directory



type=ANOM_PROMISCUOUS msg=audit(1412582369.389:186): dev=tap0 prom=256 old_prom=0 auid=1000 uid=1000 gid=1000 ses=1
type=SYSCALL msg=audit(1412582369.389:186): arch=c000003e syscall=16 success=yes exit=0 a0=5 a1=89a2 a2=7fffb218aef0 a3=7ff557e10500 items=0 ppid=3110 pid=5718 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm="qemu-bridge-hel" exe="/usr/libexec/qemu-bridge-helper" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=PROCTITLE msg=audit(1412582369.389:186): proctitle=2F7573722F6C6962657865632F71656D752D6272696467652D68656C706572002D2D7573652D766E6574002D2D62723D766972627230002D2D66643D3231
type=ANOM_PROMISCUOUS msg=audit(1412582369.404:187): dev=tap0 prom=0 old_prom=256 auid=1000 uid=1000 gid=1000 ses=1



The SELinux troubleshooter does not see this error.


This error causes the VM to fail to start. If I setenforce 0, it starts correctly.

Comment 1 Miroslav Grepl 2014-10-06 09:01:41 UTC
Yes, we have bugs for libvirtd.

Comment 2 Miroslav Grepl 2014-10-06 09:17:30 UTC

*** This bug has been marked as a duplicate of bug 1147057 ***

