Description of problem: While trying to create fully virtualized guests, SELinux errors are reported.
Version-Release number of selected component (if applicable): xen-3.0.3-1.fc6
How reproducible: Every time
Steps to Reproduce:
1. Use graphical VM creator
Actual results: Error reported at final stage
Expected results: New virtual machine is created
Additional info:
Created attachment 145389: SELinux error
Created attachment 145390: Another SELinux error from this attempt at VM creation
The error reported by the application was: Error: Device 768 (vbd) could not be connected. Hotplug scripts not working
Could you post your guest config file please?
I couldn't find any config files as I'd deleted the last two attempts. Just now I've tried again and it's worked, for the first time. I'll try again and if that works too, I'll close the bug. Perhaps a different update has cured the problem?
Actually, the new virtual machine crashed during installation, but at least the Xen errors didn't recur.
Trying again now, and there are SELinux denials, but against net-tools.
Created attachment 145473: Xen config
Created attachment 145474: More SELinux errors
Net-related error triggered during virtual machine creation - should this be filed separately, against net-tools?
Nope, the SELinux report here is misleading - this definitely looks like a bug in XenD / Xen networking scripts, rather than net-tools. I suspect it's failing to close a filehandle before running the net scripts. What version of the SELinux policy have you got installed?
2.4.6-17
OK, can you please post /var/log/xen/xend.log output from the failed attempt to launch the guest?
Created attachment 145570: xend.log from the relevant day
I've encountered this issue too. It may be a dupe of bug #214700 - check if your xen bridge is named xenbr1 instead of xenbr0.
WRT to comment #14 - we no longer hardcode xenbr0 - provided you have python-virtinst >= 0.97 installed, virt-manager will automatically pick the correct bridge device based on info from the host routing tables.
re comment #9, "Net-related error triggered during virtual machine creation - should this be filed separately, against net-tools?": Yes thanks, separate bugs need separate bugzillas, it's not possible to track what's going on otherwise.
The xen bridge is xenbr0 and I do meet those python-virtinst version requirements. I have filed a separate bug against net-tools.
There was a recent update to the Xen RPM in FC6 which fixed a bug where QEMU would leak file handles to the networking script, which in turn caused SELinux AVCs.

* Tue Mar 6 2007 Daniel P. Berrange <berrange> - 3.0.3-7.fc6
- Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)
- Fix ia64 shadow page table mode
- Close QEMU file handles when running network script

Please update to at least 3.0.3-7.fc6, restart XenD and then try & reproduce the problem again.
Yes, that seems to have fixed the problem.
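
The leak described in the 3.0.3-7.fc6 changelog entry above, as an added example that is not part of the bug thread and is not Xen or QEMU code: a descriptor opened without close-on-exec survives fork and exec into a helper script, and the helper stops seeing it once the parent closes descriptors before exec or sets FD_CLOEXEC. It assumes Linux with /proc mounted and /bin/sh present; the function names and FD_SCAN_LIMIT are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define FD_SCAN_LIMIT 1024 /* assumed scan bound, not a value from the bug */

/* Count descriptors above stderr that would survive exec() into a helper. */
int count_inheritable_fds(void)
{
    int n = 0;
    for (int fd = 3; fd < FD_SCAN_LIMIT; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags != -1 && !(flags & FD_CLOEXEC))
            n++;
    }
    return n;
}

/* Fork and exec "sh -c cmd". With scrub set, the child first closes every
 * descriptor above stderr, so the script starts with stdin/stdout/stderr only.
 * Returns the script's exit status, or -1 on failure. */
int run_helper(const char *cmd, int scrub)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (scrub)
            for (int fd = 3; fd < FD_SCAN_LIMIT; fd++)
                close(fd);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127); /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Returns 1 if the helper script finds descriptor fd open in its own process. */
int helper_sees_fd(int fd, int scrub)
{
    char cmd[64];
    snprintf(cmd, sizeof cmd, "[ -e /proc/self/fd/%d ]", fd);
    return run_helper(cmd, scrub) == 0;
}
```

Running `count_inheritable_fds()` just before a daemon launches a helper gives a quick audit of what a confined script domain would be handed.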