On 161016-05:18+0200, Miroslav Rovis wrote:
> On 161014-12:11+0300, Aleksei wrote:
...
> 
> UPDATE: No, it isn't solved, but it wouldn't fit in this email. And I already
> wrote all of this. Pls. continuation should follow soon.

And it's much less now...

But first, pls. note that the:

http://localhost/CroatiaFidelis/foss/cap/cap-161015-qemu-devuan/

now contains three sets of screencast/traces. The last one is about what
this thread, by the subject, tries to solve.

The following is again a previously prepared text (a short while ago).

---

I was almost sure that after some more learning set into grsecurity policy:

# Role: root
subject /sbin/dhcpcd ol
        /                               h
        -CAP_ALL
        bind    disabled
        connect disabled

that qemu-created tap0 would connect to the br0 that I created and all would
be fine.

However, this is how it went:

Oct 16 05:02:12 g0n kernel: [169135.452910] grsec: 
(miro:U:/usr/bin/qemu-system-x86_64) exec of /usr/bin/qemu-system-x86_64 
(qemu-system-x86_64 -machine type=q35,accel=kvm -enable-kvm -cpu host -display 
gtk -m 1024M -device virtio-net,netdev=internet -n) by 
/usr/bin/qemu-system-x86_64[bash:9140] uid/euid:1000/1000 gid/egid:1000/1000, 
parent /bin/bash[bash:7730] uid/euid:1000/1000 gid/egid:1000/1000
Oct 16 05:02:12 g0n kernel: [169135.508108] grsec: 
(miro:U:/usr/libexec/qemu-bridge-helper) exec of 
/usr/libexec/qemu-bridge-helper (/usr/libexec/qemu-bridge-helper --use-vnet 
--fd=14 --br=br0 ) by /usr/libexec/qemu-bridge-helper[qemu-system-x86:9142] 
uid/euid:1000/1000 gid/egid:1000/1000, parent 
/usr/bin/qemu-system-x86_64[qemu-system-x86:9140] uid/euid:1000/1000 
gid/egid:1000/1000
Oct 16 05:02:12 g0n kernel: [169135.510897] br0: port 2(tap0) entered blocking 
state
Oct 16 05:02:12 g0n kernel: [169135.510901] br0: port 2(tap0) entered disabled 
state
Oct 16 05:02:12 g0n kernel: [169135.510971] device tap0 entered promiscuous mode
Oct 16 05:02:12 g0n kernel: [169135.511357] br0: port 2(tap0) entered blocking 
state
Oct 16 05:02:12 g0n kernel: [169135.511370] br0: port 2(tap0) entered 
forwarding state
Oct 16 05:02:12 g0n kernel: [169135.512008] grsec: (:::kernel::::S:/) exec of 
/bin/kmod (/sbin/modprobe -q -- net-pf-16-proto-16-family-nl80211 ) by 
/bin/kmod[kworker/u8:3:9145] uid/euid:0/0 gid/egid:0/0, parent 
/[kworker/u8:3:9107] uid/euid:0/0 gid/egid:0/0
Oct 16 05:02:12 g0n kernel: [169135.512085] grsec: (root:U:/) exec of 
/lib64/udev/net.sh (/lib/udev/net.sh tap0 start ) by 
/lib64/udev/net.sh[udevd:9144] uid/euid:0/0 gid/egid:0/0, parent 
/sbin/udevd[udevd:9143] uid/euid:0/0 gid/egid:0/0
Oct 16 05:02:12 g0n kernel: [169135.515087] grsec: 
(root:U:/lib64/dhcpcd/dhcpcd-run-hooks) exec of /lib64/dhcpcd/dhcpcd-run-hooks 
(/lib/dhcpcd/dhcpcd-run-hooks ) by /lib64/dhcpcd/dhcpcd-run-hooks[dhcpcd:9147] 
uid/euid:0/0 gid/egid:0/0, parent /sbin/dhcpcd[dhcpcd:7442] uid/euid:0/0 
gid/egid:0/0
Oct 16 05:02:12 g0n kernel: [169135.522691] grsec: 
(root:U:/lib64/dhcpcd/dhcpcd-run-hooks) exec of /lib64/dhcpcd/dhcpcd-run-hooks 
(/lib/dhcpcd/dhcpcd-run-hooks ) by /lib64/dhcpcd/dhcpcd-run-hooks[dhcpcd:9149] 
uid/euid:0/0 gid/egid:0/0, parent /sbin/dhcpcd[dhcpcd:7442] uid/euid:0/0 
gid/egid:0/0
Oct 16 05:02:12 g0n dhcpcd[7442]: tap0: IAID 84:04:7b:14
Oct 16 05:02:12 g0n dhcpcd[7442]: tap0: carrier lost

Esp. from the screencast at:

http://localhost/CroatiaFidelis/foss/cap/cap-161015-qemu-devuan/Screen_161016_0501_g0n.webm
 

it is clear qemu still wants to use eth0.

Regards! (really tired, I may be having just a little strength to
possibly try a little more to achive the proposed goal... today,
hopefully)
-- 
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

Attachment: signature.asc
Description: Digital signature

Reply via email to