The above only happens when SElinux is Enabled. When Disabled, everything works. The same happens on both my VMs (Fedora and Windows).
Looking at https://wiki.libvirt.org/page/Networking I tried:
# virsh net-list --all
 Name      State      Autostart   Persistent
----------------------------------------------
 default   inactive   yes         yes

# virsh net-start default
error: Failed to start network default
error: internal error: Child process (VIR_BRIDGE_NAME=virbr0 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper) unexpected exit status 11: dnsmasq: lease-init script returned exit code 1
I run my own dnsmasq (and QEMU/KVM runs its own dnsmasq separately) but this has not been an issue recently.
# cat /var/lib/libvirt/dnsmasq/default.conf
##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
##OVERWRITTEN AND LOST. Changes to this configuration should be made using:
## virsh net-edit default
## or other application using the libvirt API.
##
## dnsmasq conf file created by libvirt
strict-order
pid-file=/var/run/libvirt/network/default.pid
except-interface=lo
bind-dynamic
interface=virbr0
dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0
dhcp-no-override
dhcp-authoritative
dhcp-lease-max=253
dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
Ideas on what's causing this would be welcome.
poc
On 8/18/19 1:23 AM, Patrick O'Callaghan wrote:
> The above only happens when SElinux is Enabled. When Disabled, everything works. The same happens on both my VMs (Fedora and Windows).
> Looking at https://wiki.libvirt.org/page/Networking I tried:
> # virsh net-list --all
>  Name      State      Autostart   Persistent
>  default   inactive   yes         yes
> # virsh net-start default
> error: Failed to start network default
> error: internal error: Child process (VIR_BRIDGE_NAME=virbr0 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper) unexpected exit status 11: dnsmasq: lease-init script returned exit code 1
> I run my own dnsmasq (and QEMU/KVM runs its own dnsmasq separately) but this has not been an issue recently.
> # cat /var/lib/libvirt/dnsmasq/default.conf
> ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
> ##OVERWRITTEN AND LOST. Changes to this configuration should be made using:
> ## virsh net-edit default
> ## or other application using the libvirt API.
> ##
> ## dnsmasq conf file created by libvirt
> strict-order
> pid-file=/var/run/libvirt/network/default.pid
> except-interface=lo
> bind-dynamic
> interface=virbr0
> dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0
> dhcp-no-override
> dhcp-authoritative
> dhcp-lease-max=253
> dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
> addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
> Ideas on what's causing this would be welcome.
You're not getting any AVC's, correct?
In that case you should do...
semodule -DB to remove dontaudits from policy and then test again with selinux enabled and see if AVC's are created.
semodule -B after testing will turn dontaudits back on.
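The retest suggested in the message above, written out as a shell script together with a filter that reduces audit records to the distinct denials for the processes in the error message. This is an added example, not part of the thread: the function names avc_summary and retest_without_dontaudit are hypothetical, the sample records are constructed, and the retest function assumes root and a running auditd.

```shell
#!/bin/sh
# Added example. avc_summary and retest_without_dontaudit are hypothetical names.

# Read audit records on stdin; print one line per distinct AVC denial whose
# comm matches an argument: "comm scontext tcontext tclass {perms}".
avc_summary() {
    pattern=$(IFS='|'; printf '%s' "$*")
    awk -v pat="^(${pattern})\$" '
        /type=AVC/ && /denied/ {
            comm = scon = tcon = tcls = ""
            perms = $0
            sub(/.*denied +[{] */, "", perms); sub(/ *[}].*/, "", perms)
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
                if ($i ~ /^scontext=/) scon = substr($i, 10)
                if ($i ~ /^tcontext=/) tcon = substr($i, 10)
                if ($i ~ /^tclass=/)   tcls = substr($i, 8)
            }
            key = comm " " scon " " tcon " " tcls " {" perms "}"
            if (comm ~ pat && !(key in seen)) { seen[key] = 1; print key }
        }'
}

# The retest from the thread (needs root and a running auditd): drop the
# dontaudit rules, retry the failing command, list recent denials, then
# restore the dontaudit rules whether or not anything was found.
retest_without_dontaudit() {
    semodule -DB || return 1
    virsh net-start default
    # The kernel truncates comm to 15 characters, hence "libvirt_leasesh".
    ausearch -m AVC -ts recent | avc_summary dnsmasq libvirt_leasesh
    semodule -B
}

# Constructed sample records (illustrative values, not taken from the thread).
SAMPLE_AUDIT='type=AVC msg=audit(1566100000.101:501): avc:  denied  { read } for  pid=4101 comm="dnsmasq" name="default.conf" dev="dm-0" ino=1001 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1566100000.101:501): arch=c000003e syscall=257 success=no exit=-13 comm="dnsmasq"
type=AVC msg=audit(1566100003.222:507): avc:  denied  { read } for  pid=4177 comm="dnsmasq" name="default.conf" dev="dm-0" ino=1001 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1566100003.230:508): avc:  denied  { read write } for  pid=4178 comm="libvirt_leasesh" name="virbr0.status" dev="dm-0" ino=1002 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1566100004.010:511): avc:  denied  { getattr } for  pid=900 comm="httpd" path="/srv/x" dev="dm-0" ino=1003 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0'

printf '%s\n' "$SAMPLE_AUDIT" | avc_summary dnsmasq libvirt_leasesh
```

In the constructed records the target type is unlabeled_t, which is how a denial against a file without a valid label appears and is the case a relabel repairs.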
On Sun, 2019-08-18 at 10:30 +0800, Ed Greshko wrote:
> On 8/18/19 1:23 AM, Patrick O'Callaghan wrote:
> > The above only happens when SElinux is Enabled. When Disabled, everything works. The same happens on both my VMs (Fedora and Windows).
> > Looking at https://wiki.libvirt.org/page/Networking I tried:
> > # virsh net-list --all
> >  Name      State      Autostart   Persistent
> >  default   inactive   yes         yes
> > # virsh net-start default
> > error: Failed to start network default
> > error: internal error: Child process (VIR_BRIDGE_NAME=virbr0 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper) unexpected exit status 11: dnsmasq: lease-init script returned exit code 1
> > I run my own dnsmasq (and QEMU/KVM runs its own dnsmasq separately) but this has not been an issue recently.
> > # cat /var/lib/libvirt/dnsmasq/default.conf
> > ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
> > ##OVERWRITTEN AND LOST. Changes to this configuration should be made using:
> > ## virsh net-edit default
> > ## or other application using the libvirt API.
> > ##
> > ## dnsmasq conf file created by libvirt
> > strict-order
> > pid-file=/var/run/libvirt/network/default.pid
> > except-interface=lo
> > bind-dynamic
> > interface=virbr0
> > dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0
> > dhcp-no-override
> > dhcp-authoritative
> > dhcp-lease-max=253
> > dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
> > addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
> > Ideas on what's causing this would be welcome.
> You're not getting any AVC's, correct?
> In that case you should do...
> semodule -DB to remove dontaudits from policy and then test again with selinux enabled and see if AVC's are created.
> semodule -B after testing will turn dontaudits back on.
Did that and the problem has magically disappeared. No AVCs were reported, though I did relabel after turning SElinux back on.
Curiously, I now see:
$ virsh net-list --all
 Name   State   Autostart   Persistent
----------------------------------------
(i.e. empty) but my VMs are working.
poc
On 8/19/19 6:54 PM, Patrick O'Callaghan wrote:
> Did that and the problem has magically disappeared. No AVCs were reported, though I did relabel after turning SElinux back on.
> Curiously, I now see:
> $ virsh net-list --all
>  Name   State   Autostart   Persistent
> (i.e. empty) but my VMs are working.
The relabel most likely cleared things up. As for the empty list, it is probably.....
[egreshko@meimei ~]$ virsh net-list --all
 Name   State   Autostart   Persistent
----------------------------------------

[egreshko@meimei ~]$ sudo virsh net-list --all
 Name      State    Autostart   Persistent
--------------------------------------------
 default   active   yes         yes
On Mon, 2019-08-19 at 20:12 +0800, Ed Greshko wrote:
> On 8/19/19 6:54 PM, Patrick O'Callaghan wrote:
> > Did that and the problem has magically disappeared. No AVCs were reported, though I did relabel after turning SElinux back on.
> > Curiously, I now see:
> > $ virsh net-list --all
> >  Name   State   Autostart   Persistent
> > (i.e. empty) but my VMs are working.
> The relabel most likely cleared things up. As for the empty list, it is probably.....
> [egreshko@meimei ~]$ virsh net-list --all
>  Name   State   Autostart   Persistent
> [egreshko@meimei ~]$ sudo virsh net-list --all
>  Name      State    Autostart   Persistent
>  default   active   yes         yes
Of course. Should have noticed that.
poc