[SOLVED] Virtual network issue (virsh net-start default)

I’ve got a brand new Fedora 29 install and when I try to create a virtual machine with virt-manager I’m getting some errors related to the default network. Any ideas on what is going on here?

$ sudo virsh net-list --all
Name                 State      Autostart     Persistent
----------------------------------------------------------
default              inactive   yes           yes

$ sudo virsh net-start default
error: Failed to start network default
error: internal error: Child process (VIR_BRIDGE_NAME=virbr0 /usr/sbin/dnsmasq 
--conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro
--dhcp-script=/usr/libexec/libvirt_leaseshelper) unexpected exit status 3: 
dnsmasq: cannot read /var/lib/libvirt/dnsmasq/default.conf: Permission denied

I solved this so I figured I’d post the fix (to my specific problem) in case anybody else runs into this. This was happening due to an SELinux policy violation. Here is what I did:

$ sudo setenforce 0 # disable SELinux momentarily
$ sudo virsh net-start default # this worked which meant SELinux was involved
$ sudo setenforce 1 # re-enable SELinux
$ sudo ausearch -m AVC,USER_AVC,SELINUX_ERR -ts recent # inspect the SELinux alerts if you're interested

Then I remembered…I’d created a new logical volume for /var/lib/libvirt to host all virtual machine configs and then just copied all of the original directories over - this was my mistake - SELinux somehow knows they are copied files and was denying access. (I really don’t understand SELinux…) To fix, I needed to restore the permissions:

$ sudo restorecon -rv /var/lib/libvirt

Then the network started right up.

Any suggestions on good resources on learning about SELinux? :grin:

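The ausearch step in the post above returns raw AVC records. As an added example (not part of the original post), this script groups such records by process, permission, object and source/target type, so a wrongly labelled file tree stands out. The function names are hypothetical, the sample records are constructed, and the target type unlabeled_t is an assumption about what the copied files carried.

```shell
#!/bin/sh
# Added example: group SELinux AVC denials by process, permission, object and
# source/target types, so a mislabelled file tree stands out.

# Constructed sample records (not from the original post). The target type
# unlabeled_t is an assumption about what the copied files carried.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1546300800.101:411): avc:  denied  { read } for  pid=2211 comm="dnsmasq" name="default.conf" dev="dm-3" ino=262 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1546300860.412:419): avc:  denied  { read open } for  pid=2304 comm="dnsmasq" path="/var/lib/libvirt/dnsmasq/default.conf" dev="dm-3" ino=262 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=1
type=AVC msg=audit(1546300861.007:423): avc:  denied  { read open } for  pid=2304 comm="dnsmasq" path="/var/lib/libvirt/dnsmasq/default.conf" dev="dm-3" ino=262 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1546300861.007:423): arch=c000003e syscall=257 success=yes exit=3 comm="dnsmasq" exe="/usr/sbin/dnsmasq"
EOF
}

# Reads audit records on stdin; prints "count comm perms class object src->tgt mode".
summarise_avc() {
    awk '
    /avc:/ && /denied/ {
        obj = comm = src = tgt = cls = mode = "?"
        lb = index($0, "{"); rb = index($0, "}")
        perms = substr($0, lb + 1, rb - lb - 1)      # text between the braces
        gsub(/^ +| +$/, "", perms)                   # trim
        gsub(/ +/, ",", perms)                       # "read open" -> "read,open"
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            gsub(/"/, "", val)
            if (key == "comm") comm = val
            else if (key == "name" || key == "path") obj = val
            else if (key == "tclass") cls = val
            else if (key == "scontext") { split(val, c, ":"); src = c[3] }
            else if (key == "tcontext") { split(val, c, ":"); tgt = c[3] }
            else if (key == "permissive") mode = (val == "1") ? "permissive" : "enforcing"
        }
        count[comm " " perms " " cls " " obj " " src "->" tgt " " mode]++
    }
    END { for (k in count) print count[k], k }
    ' | sort
}

sample_avc | summarise_avc
```

On a live system, pipe the output of the ausearch command from the post into summarise_avc instead of the sample. Running restorecon with -n -v -R on /var/lib/libvirt lists what a relabel would change without changing anything.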