Description of problem: Using virt-manager, I could not start the virtual network. virsh net-start NETWORk error: internal error Child process (/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/TheNetwork.conf) unexpected exit status 2: dnsmasq: failed to set SO_BINDTODEVICE on DHCP socket: Socket operation on non-socket Version-Release number of selected component (if applicable): dnsmasq-2.66-3.fc19.x86_64 How reproducible: Always Steps to Reproduce: 1. In virt-manager, create vm and newtork (mine does have IPv6 addresses, so they were created manually) 2. virsh net-start thenetwork Actual results: # net-start TheNetwork error: Failed to start network TheNetwork error: internal error Child process (/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/TheNetwork.conf) unexpected exit status 2: dnsmasq: failed to set SO_BINDTODEVICE on DHCP socket: Socket operation on non-socket I needed to upgrade several machines to F19 to get various versions/programs/features. Things went south. I am not sure what happened other than it may be related to https://www.redhat.com/archives/enterprise-watch-list/2013-February/msg00021.html I do not have any DHCP setup with my virtual domains. I do not even know why the thing starts dnsmasq.
<network> <name>TheNetwork</name> <uuid>UUID REMOVED</uuid> <bridge name='virbr0' stp='off' delay='0' /> <forward mode='route'/> <mac address='xx:xx:00:xx:xx:xx'/> <ip address='10.0.1.1' netmask='255.255.255.0'> </ip> <ip family='ipv6' address='fd00:0000:0000:1::1' prefix='64'> </ip> <ip family='ipv6' address='2001:0000:0000:0::1' prefix='64'> </ip> </network> The above is one of the two virtual networks that are refusing to work completely!
http://kojipkgs.fedoraproject.org//packages/dnsmasq/2.66/5.fc19/x86_64/dnsmasq-2.66-5.fc19.x86_64.rpm does not fix the problem.
It is IPv6 related it appears.
Is this a problem with starting radvd from dnsmasq?
I'm pretty sure that dnsmasq doesn't start radvd. Depending on the version of dnsmasq, *libvirt* may start radvd, but if you're running dnsmasq-2.66, then libvirt is using dnsmasq's own RA support rather than separately starting radvd. It might be helpful if you attached "/var/lib/libvirt/dnsmasq/TheNetwork.conf". (I doubt that I'll understand anything extra from it, but Thomas or Simon might).
strict-order domain-needed local=// pid-file=/var/run/libvirt/network/DMZ.pid except-interface=lo bind-dynamic interface=virbr1 addn-hosts=/var/lib/libvirt/dnsmasq/DMZ.addnhosts dhcp-range=fdac:xxxx:xxxx::1,ra-only dhcp-range=2001:xxxx:xxxx:xxxx::1,ra-only Sorry for not attaching.
As for radvd, it used to. I honestly do not know now and cannot check as this is my only setup.
Yes, older libvirt used to start an radvd process to handle IPv6 RA. A few releases ago it was changed to use dnsmasq instead (iff the version of dnsmasq on the host is new enough to have that capability).
Alright, then I guess I haven't a clue what is causing the problem. Interestingly enough, if I run dnsmasq with /var/lib/libvirt/dnsmasq/TheNetwork.conf directly, I don't get the error. So, maybe this is in libvirt?
Are there any AVC records in /var/log/audit/audit.log? Does it still fail after doing a "setenforce permissive"?
There are lots of them in audit. But, SELINUX=permissive is set on this machine in /etc/selinux/config
Patch here. http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cfcad42ff1ddee8e64d120f18016a654152d0215 Enabling DHCPv6 as well as RA will workaround: ie s/ra-only/ra-stateless/ in config file. Cheers, Simon.
Thank you Simon. Any chance this patch will be pushed soon? Can you show how I might temporarily enable dhcpv6 without causing trouble in the configuration I gave? Thank you!
(In reply to comment #12) > Patch here. > http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff; > h=cfcad42ff1ddee8e64d120f18016a654152d0215 > > Enabling DHCPv6 as well as RA will workaround: ie s/ra-only/ra-stateless/ in > config file. > > Cheers, > > Simon. Thank you Simon for a quick fix. (In reply to comment #13) > Thank you Simon. Any chance this patch will be pushed soon? Can you show how > I might temporarily enable dhcpv6 without causing trouble in the > configuration I gave? Thank you! I will include the patch in Fedora 19 dnsmasq-2.66 ASAP.
dnsmasq-2.66-6.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/dnsmasq-2.66-6.fc19
I am sorry. I would leave karma, but something happened and I can not login to koji anymore. I get an SSL error even though I have added an exception for the self signed cert to Firefox. Secure Connection Failed An error occurred during a connection to koji.fedoraproject.org. SSL peer was unable to negotiate an acceptable set of security parameters. (Error code: ssl_error_handshake_failure_alert)
This did fix the problem. Thank you all who were involved in the fix. I greatly appreciate this.
Package dnsmasq-2.66-6.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing dnsmasq-2.66-6.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-8496/dnsmasq-2.66-6.fc19 then log in and leave karma (feedback).
dnsmasq-2.66-6.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.