
Bug 2224464

Summary: ovs-vswitch create virtio port failed when enable selinux
Product: Red Hat Enterprise Linux Fast Datapath
Component: openvswitch-selinux-extra-policy
Version: RHEL 9.0
Hardware: x86_64
OS: Linux
Status: CLOSED EOL
Severity: medium
Priority: unspecified
Type: Bug
Reporter: mhou <mhou>
Assignee: Aaron Conole <aconole>
QA Contact: mhou <mhou>
CC: ctrautma, qding
Doc Type: If docs needed, set a value
Last Closed: 2024-10-08 17:49:14 UTC

Description mhou 2023-07-21 02:29:22 UTC
Description of problem:
Running ovs-vsctl add-port ovsbr0 g1_dpdk1 -- set interface g1_dpdk1 type=dpdk -- set interface g1_dpdk1 options:dpdk-devargs="net_virtio_user0,path=/dev/vhost-net,iface=g1_dpdk1" failed.

Version-Release number of selected component (if applicable):
openvswitch3.1-3.1.0-35.el9fdp

How reproducible: 100%


Steps to Reproduce:
1. create virtio port
# systemctl start openvswitch
# ovs-vsctl set Open_vSwitch . other_config:dpdk-init=true
# ovs-vsctl add-br ovsbr0 -- set bridge ovsbr0 datapath_type=netdev
# ovs-vsctl add-port ovsbr0 g1_dpdk1 -- set interface g1_dpdk1 type=dpdk -- set interface g1_dpdk1 options:dpdk-devargs="net_virtio_user0,path=/dev/vhost-net,iface=g1_dpdk1"
2. try to import selinux policy
# grep "openvswitch_t" /var/log/audit/audit.log | audit2allow -M ovslocal
# semodule -i ovslocal.pp
# ovs-vsctl add-port ovsbr0 g1_dpdk1 -- set interface g1_dpdk1 type=dpdk -- set interface g1_dpdk1 options:dpdk-devargs="net_virtio_user0,path=/dev/vhost-net,iface=g1_dpdk1"
ovs-vsctl: Error detected while setting up 'g1_dpdk1': Error attaching device 'net_virtio_user0,path=/dev/vhost-net,iface=g1_dpdk1' to DPDK.  See ovs-vswitchd log for details.
ovs-vsctl: The default log directory is "/var/log/openvswitch".

3. check the selinux label on /dev/vhost-net
# ll -Z /dev/vhost-net 
crw-rw-rw-. 1 root kvm system_u:object_r:vhost_device_t:s0 10, 238 Jul 19 12:22 /dev/vhost-net

Actual results:
1. Creating the port failed; see the error log in ovs-vswitchd.log:
2023-07-21T02:18:28.722Z|00060|dpif_netdev|INFO|PMD load based sleeps are disabled.
2023-07-21T02:18:28.727Z|00061|bridge|INFO|bridge ovsbr0: added interface ovsbr0 on port 65534
2023-07-21T02:18:28.728Z|00062|bridge|INFO|bridge ovsbr0: using datapath ID 00002e1da8e75e42
2023-07-21T02:18:28.728Z|00063|connmgr|INFO|ovsbr0: added service controller "punix:/var/run/openvswitch/ovsbr0.mgmt"
2023-07-21T02:18:53.614Z|00064|dpdk|ERR|virtio_user_backend_type(): Stat fails: /dev/vhost-net (Permission denied)
2023-07-21T02:18:53.614Z|00065|dpdk|ERR|virtio_user_pmd_probe(): unable to determine backend type for path /dev/vhost-net
2023-07-21T02:18:53.614Z|00066|dpdk|ERR|EAL: Driver cannot attach the device (net_virtio_user0)
2023-07-21T02:18:53.614Z|00067|dpdk|ERR|EAL: Failed to attach device on primary process
2023-07-21T02:18:53.614Z|00068|netdev_dpdk|WARN|Error attaching device 'net_virtio_user0,path=/dev/vhost-net,iface=g1_dpdk1' to DPDK
2023-07-21T02:18:53.614Z|00069|netdev|WARN|g1_dpdk1: could not set configuration (Invalid argument)
2023-07-21T02:18:53.614Z|00070|dpdk|ERR|Invalid port_id=1024
2023-07-21T02:19:36.099Z|00071|dpdk|ERR|vhost_kernel_setup(): fail to open /dev/vhost-net, Permission denied
2023-07-21T02:19:36.099Z|00072|dpdk|ERR|virtio_user_dev_setup(): (/dev/vhost-net) Failed to setup backend
2023-07-21T02:19:36.099Z|00073|dpdk|ERR|virtio_user_dev_init(): (/dev/vhost-net) backend set up fails
2023-07-21T02:19:36.099Z|00074|dpdk|ERR|virtio_user_pmd_probe(): virtio_user_dev_init fails
2023-07-21T02:19:36.099Z|00075|dpdk|ERR|EAL: Driver cannot attach the device (net_virtio_user0)
2023-07-21T02:19:36.099Z|00076|dpdk|ERR|EAL: Failed to attach device on primary process
2023-07-21T02:19:36.099Z|00077|netdev_dpdk|WARN|Error attaching device 'net_virtio_user0,path=/dev/vhost-net,iface=g1_dpdk1' to DPDK
2023-07-21T02:19:36.099Z|00078|netdev|WARN|g1_dpdk1: could not set configuration (Invalid argument)
2023-07-21T02:19:36.099Z|00079|dpdk|ERR|Invalid port_id=1024
2023-07-21T02:21:09.852Z|00080|dpdk|ERR|vhost_kernel_setup(): fail to open /dev/vhost-net, Permission denied
2023-07-21T02:21:09.852Z|00081|dpdk|ERR|virtio_user_dev_setup(): (/dev/vhost-net) Failed to setup backend
2023-07-21T02:21:09.852Z|00082|dpdk|ERR|virtio_user_dev_init(): (/dev/vhost-net) backend set up fails
2023-07-21T02:21:09.852Z|00083|dpdk|ERR|virtio_user_pmd_probe(): virtio_user_dev_init fails
2023-07-21T02:21:09.852Z|00084|dpdk|ERR|EAL: Driver cannot attach the device (net_virtio_user0)
2023-07-21T02:21:09.852Z|00085|dpdk|ERR|EAL: Failed to attach device on primary process
2023-07-21T02:21:09.852Z|00086|netdev_dpdk|WARN|Error attaching device 'net_virtio_user0,path=/dev/vhost-net,iface=g1_dpdk1' to DPDK
2023-07-21T02:21:09.852Z|00087|netdev|WARN|g1_dpdk1: could not set configuration (Invalid argument)
2023-07-21T02:21:09.852Z|00088|dpdk|ERR|Invalid port_id=1024


Expected results:
openvswitch-selinux should support selinux label with virtio tap device

Additional info:

Comment 1 ovs-bot 2024-10-08 17:49:14 UTC
This bug did not meet the criteria for automatic migration and is being closed.
If the issue remains, please open a new ticket in https://issues.redhat.com/browse/FDP
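
Step 2 of the report feeds every openvswitch_t denial to audit2allow and loads the result. As an added example (not part of the original report or of the openvswitch-selinux-extra-policy package), the script below summarises only the denials from one source domain against one target type, here openvswitch_t and the vhost_device_t label shown in step 3, so the resulting rule can be reviewed before a local module is installed. The audit records are constructed for illustration, since the report does not include the actual AVC lines, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: collapse AVC denials for SOURCE_TYPE -> TARGET_TYPE into
# one reviewable allow rule per object class.
# Usage: avc_rules SOURCE_TYPE TARGET_TYPE < /var/log/audit/audit.log
avc_rules() {
    awk -v src="$1" -v tgt="$2" '
    /type=AVC/ && /avc: +denied/ {
        s = ""; t = ""; c = ""
        for (i = 1; i <= NF; i++) {
            # contexts look like user:role:type:level, the type is field 3
            if ($i ~ /^scontext=/)      { split($i, a, ":"); s = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
            else if ($i ~ /^tclass=/)   { c = substr($i, 8) }
        }
        if (s != src || t != tgt) next      # skip unrelated denials
        inside = 0
        for (i = 1; i <= NF; i++) {         # permissions sit between { and }
            if ($i == "{") { inside = 1; continue }
            if ($i == "}") break
            if (inside && !seen[c, $i]++) perms[c] = perms[c] " " $i
        }
    }
    END {
        for (c in perms)
            printf "allow %s %s:%s {%s };\n", src, tgt, c, perms[c]
    }' | sort
}

# Constructed sample records (not taken from the bug report).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1689905933.614:412): avc:  denied  { getattr } for  pid=2101 comm="ovs-vswitchd" path="/dev/vhost-net" dev="devtmpfs" ino=301 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:vhost_device_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1689905976.099:418): avc:  denied  { read write open } for  pid=2101 comm="ovs-vswitchd" path="/dev/vhost-net" dev="devtmpfs" ino=301 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:vhost_device_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1689905980.000:419): avc:  denied  { read } for  pid=2101 comm="ovs-vswitchd" name="scratch" dev="tmpfs" ino=77 scontext=system_u:system_r:openvswitch_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=AVC msg=audit(1689906069.852:425): avc:  denied  { getattr } for  pid=2101 comm="ovs-vswitchd" path="/dev/vhost-net" dev="devtmpfs" ino=301 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:vhost_device_t:s0 tclass=chr_file permissive=0
EOF
}

sample_audit_log | avc_rules openvswitch_t vhost_device_t
```

The unrelated user_tmp_t denial in the sample is filtered out, which is the difference from grepping on the source domain alone.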