Description of problem:
OVSBridge interfaces are not present on boot with kernel-4.2.3-200.fc22.x86_64
kernel-4.1.10-200.fc22.x86_64 worked fine

ifup br-rhci
ERROR : [/etc/sysconfig/network-scripts/ifup-eth] Device br-rhci does not seem to be present, delaying initialization.

Version-Release number of selected component (if applicable):
kernel-4.2.3-200.fc22.x86_64

How reproducible:
Seems always. Two systems, multiple reboots.

Steps to Reproduce:
1. Install kernel 4.1.10-200
2. configure an openvswitch bridge
3. Upgrade the kernel and reboot

Actual results:
openvswitch bridges are not present on boot

Expected results:
openvswitch bridges are present on boot

Additional info:
Booting to kernel-4.1.10-200.fc22.x86_64 makes the interfaces workable.

# tail -f /var/log/messages -n 0
Oct 17 10:39:22 jmontleo systemd: Starting Open vSwitch Internal Unit...
Oct 17 10:39:22 jmontleo ovs-ctl: Starting ovsdb-server [ OK ]
Oct 17 10:39:22 jmontleo ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait -- init -- set Open_vSwitch . db-version=7.12.1
Oct 17 10:39:22 jmontleo ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait set Open_vSwitch . ovs-version=2.4.0 "external-ids:system-id=\"46c569e5-a269-4d87-91e2-ed9b4a639a09\"" "system-type=\"Fedora\"" "system-version=\"22-TwentyTwo\""
Oct 17 10:39:22 jmontleo ovs-ctl: Configuring Open vSwitch system IDs [ OK ]
Oct 17 10:39:22 jmontleo audit: <audit-1400> avc: denied { create } for pid=7532 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
Oct 17 10:39:22 jmontleo audit: <audit-1400> avc: denied { setopt } for pid=7532 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
Oct 17 10:39:22 jmontleo audit: <audit-1400> avc: denied { getopt } for pid=7532 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
Oct 17 10:39:22 jmontleo audit: <audit-1400> avc: denied { connect } for pid=7532 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
Oct 17 10:39:22 jmontleo audit: <audit-1400> avc: denied { getattr } for pid=7532 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
Oct 17 10:39:22 jmontleo dbus[774]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Oct 17 10:39:22 jmontleo ovs-ctl: Starting ovs-vswitchd [ OK ]
Oct 17 10:39:22 jmontleo ovs-ctl: Enabling remote OVSDB managers [ OK ]
Oct 17 10:39:22 jmontleo systemd: Started Open vSwitch Internal Unit.
Oct 17 10:39:22 jmontleo systemd: Starting Open vSwitch...
Oct 17 10:39:22 jmontleo audit: <audit-1130> pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=openvswitch-nonetwork comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 17 10:39:22 jmontleo systemd: Started Open vSwitch.
Oct 17 10:39:22 jmontleo audit: <audit-1130> pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=openvswitch comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 17 10:39:22 jmontleo dbus[774]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Oct 17 10:39:23 jmontleo setroubleshoot: SELinux is preventing ovs-vswitchd from create access on the netlink_generic_socket Unknown. For complete SELinux messages. run sealert -l e365e98c-f20f-4bb0-b8c4-5c634fb5b692
Oct 17 10:39:23 jmontleo python: SELinux is preventing ovs-vswitchd from create access on the netlink_generic_socket Unknown.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that ovs-vswitchd should be allowed create access on the Unknown netlink_generic_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep ovs-vswitchd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Oct 17 10:39:23 jmontleo setroubleshoot: SELinux is preventing ovs-vswitchd from setopt access on the netlink_generic_socket Unknown. For complete SELinux messages. run sealert -l 0ef5f5f0-2450-4965-bfc8-e5d2b5ff2a77
Oct 17 10:39:23 jmontleo python: SELinux is preventing ovs-vswitchd from setopt access on the netlink_generic_socket Unknown.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that ovs-vswitchd should be allowed setopt access on the Unknown netlink_generic_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep ovs-vswitchd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Oct 17 10:39:23 jmontleo setroubleshoot: SELinux is preventing ovs-vswitchd from getopt access on the netlink_generic_socket Unknown. For complete SELinux messages. run sealert -l 980e08e9-9fb2-47e7-af34-0f1e134674f5
Oct 17 10:39:23 jmontleo python: SELinux is preventing ovs-vswitchd from getopt access on the netlink_generic_socket Unknown.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that ovs-vswitchd should be allowed getopt access on the Unknown netlink_generic_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep ovs-vswitchd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Oct 17 10:39:23 jmontleo setroubleshoot: SELinux is preventing ovs-vswitchd from connect access on the netlink_generic_socket Unknown. For complete SELinux messages. run sealert -l fde06c5c-c8f2-4523-bfdc-81a58e26c757
Oct 17 10:39:23 jmontleo python: SELinux is preventing ovs-vswitchd from connect access on the netlink_generic_socket Unknown.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that ovs-vswitchd should be allowed connect access on the Unknown netlink_generic_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep ovs-vswitchd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Oct 17 10:39:23 jmontleo setroubleshoot: SELinux is preventing ovs-vswitchd from getattr access on the netlink_generic_socket Unknown. For complete SELinux messages. run sealert -l 3e3719c2-0fa8-41e4-b4ad-de654067f3d3
Oct 17 10:39:23 jmontleo python: SELinux is preventing ovs-vswitchd from getattr access on the netlink_generic_socket Unknown.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that ovs-vswitchd should be allowed getattr access on the Unknown netlink_generic_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep ovs-vswitchd /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
^C

[root@jmontleo ~]# grep ovs-vswitchd /var/log/audit/audit.log
type=AVC msg=audit(1445089688.458:102): avc: denied { create } for pid=999 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=0
type=AVC msg=audit(1445092320.118:413): avc: denied { create } for pid=5365 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=0
type=AVC msg=audit(1445092525.428:420): avc: denied { create } for pid=5771 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092525.428:421): avc: denied { setopt } for pid=5771 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092525.428:422): avc: denied { getopt } for pid=5771 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092525.428:423): avc: denied { connect } for pid=5771 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092525.428:424): avc: denied { getattr } for pid=5771 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092674.288:433): avc: denied { create } for pid=6459 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092674.288:434): avc: denied { setopt } for pid=6459 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092674.288:435): avc: denied { getopt } for pid=6459 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092674.288:436): avc: denied { connect } for pid=6459 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092674.288:437): avc: denied { getattr } for pid=6459 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092762.268:446): avc: denied { create } for pid=7532 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092762.268:447): avc: denied { setopt } for pid=7532 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092762.268:448): avc: denied { getopt } for pid=7532 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092762.268:449): avc: denied { connect } for pid=7532 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1445092762.268:450): avc: denied { getattr } for pid=7532 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=1

[root@jmontleo ~]# grep ovs-vswitchd /var/log/audit/audit.log | audit2allow -m ovs

module ovs 1.0;

require {
    type openvswitch_t;
    class netlink_generic_socket { getopt getattr create connect setopt };
}

#============= openvswitch_t ==============
allow openvswitch_t self:netlink_generic_socket { connect getopt getattr create setopt };
read and write are also needed to ifup the interface and send traffic across any vxlan interfaces.

module ovs-custom-1 1.0;

require {
    type openvswitch_t;
    class netlink_generic_socket { write getattr setopt read getopt create connect };
}

#============= openvswitch_t ==============
allow openvswitch_t self:netlink_generic_socket { write getattr setopt read getopt create connect };
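
Added example (not part of the original report, and not code from audit2allow or any project): a small parser for AVC records in the layout quoted above. It separates the permissions logged while enforcing from those that only appeared once the domain ran permissive, and builds the allow rule the logged denials yield. The sample records and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]+)\}.*?scontext=(?P<s>\S+)\s+'
    r'tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)(?:\s+permissive=(?P<mode>[01]))?')

def _line(perm, permissive):
    # Constructed record in the same layout as the audit.log lines in the report.
    return ('type=AVC msg=audit(0.000:0): avc: denied { %s } for pid=1 '
            'comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 '
            'tcontext=system_u:system_r:openvswitch_t:s0 '
            'tclass=netlink_generic_socket permissive=%d' % (perm, permissive))

# Constructed sample: one enforcing boot, then one permissive restart.
SAMPLE = [_line("create", 0)] + [
    _line(p, 1) for p in ("create", "setopt", "getopt", "connect", "getattr")]

def summarize(lines):
    """(source type, target type, class) -> permissions seen per mode."""
    seen = defaultdict(lambda: {"enforcing": set(), "permissive": set()})
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        key = (m["s"].split(":")[2], m["t"].split(":")[2], m["cls"])
        # Assumption: a record without permissive= is counted as enforcing.
        mode = "permissive" if m["mode"] == "1" else "enforcing"
        seen[key][mode].update(m["perms"].split())
    return dict(seen)

def permissive_only(summary):
    """Permissions never logged while enforcing (hidden behind the first denial)."""
    return {k: v["permissive"] - v["enforcing"] for k, v in summary.items()}

def allow_rules(summary):
    """One allow rule per key, written in the style of audit2allow output."""
    rules = []
    for (src, tgt, cls), v in sorted(summary.items()):
        perms = " ".join(sorted(v["enforcing"] | v["permissive"]))
        rules.append("allow %s %s:%s { %s };"
                     % (src, "self" if src == tgt else tgt, cls, perms))
    return rules

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(permissive_only(s))
    print("\n".join(allow_rules(s)))
```

As with the audit2allow output in the report, the resulting rule has no read or write, because no denial for them had been logged at that point. A policy derived from denials covers only the operations that were actually exercised while logging.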
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.