[Bug 1199518] New: Missing SELinux rules for libvirtd's dnsmasq
http://bugzilla.opensuse.org/show_bug.cgi?id=1199518 Bug ID: 1199518 Summary: Missing SELinux rules for libvirtd's dnsmasq Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: MicroOS Assignee: kubic-bugs@opensuse.org Reporter: luca.dimaio1@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0 Build Identifier: If you install virtualizations patterns on MicroOS, it won't work with SELinux enforcing. Starting the default NAT network will result in: Could not start virtual network 'default': internal error: Child process (VIR_BRIDGE_NAME=virbr0 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper) unexpected exit status 5: dnsmasq: failed to create inotify for /etc/resolv.conf: Permission denied Reproducible: Always Steps to Reproduce: 1. sudo tukit --discard --continue execute zypper in -t pattern kvm_server kvm_tools (then reboot) 2. open virt-manager, and connect to qemu:///system session 3. start default network Actual Results: Could not start virtual network 'default': internal error: Child process (VIR_BRIDGE_NAME=virbr0 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper) unexpected exit status 5: dnsmasq: failed to create inotify for /etc/resolv.conf: Permission denied Expected Results: Network should start -- You are receiving this mail because: You are the assignee for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1199518
http://bugzilla.opensuse.org/show_bug.cgi?id=1199518#c1
--- Comment #1 from Luca Di Maio
http://bugzilla.opensuse.org/show_bug.cgi?id=1199518
http://bugzilla.opensuse.org/show_bug.cgi?id=1199518#c2
Dario Faggioli
http://bugzilla.opensuse.org/show_bug.cgi?id=1199518
http://bugzilla.opensuse.org/show_bug.cgi?id=1199518#c3
--- Comment #3 from Luca Di Maio
http://bugzilla.opensuse.org/show_bug.cgi?id=1199518
http://bugzilla.opensuse.org/show_bug.cgi?id=1199518#c4
James Fehlig
Jim, is this something you usually deal with and take care of, within libvirt? Or should it be handled by SELinux (or maybe even networking/dnsmasq) people?
I have never dealt with selinux policies and I'd prefer not to get into the business of owning/maintaining them. I thought SUSE hired someone for that purpose? Someone to own and maintain the policies? -- You are receiving this mail because: You are the assignee for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1199518
http://bugzilla.opensuse.org/show_bug.cgi?id=1199518#c5
Dario Faggioli
participants (1)
-
bugzilla_noreply@suse.com