No dhcp on host0

[npmccallum]

I am using the default config on Fedora Rawhide. I started systemd-networkd on both the host and container. When starting the container with -nbD $name, I get a host0 interface. However, there doesn't appear to be any DHCP on the interface since I only get link local addressing.

The guest shows:

# networkctl 
IDX LINK             TYPE               OPERATIONAL SETUP     
  1 lo               loopback           carrier     unmanaged 
  2 host0            ether              degraded    configuring

# networkctl status
●      State: degraded
     Address: 169.254.36.149 on host0
              fe80::1499:3aff:feae:1560 on host0

The host shows:

IDX LINK             TYPE               OPERATIONAL SETUP     
  1 lo               loopback           carrier     unmanaged 
  2 wlp3s0           wlan               routable    unmanaged 
  3 virbr0           ether              no-carrier  unmanaged 
  4 virbr0-nic       ether              off         unmanaged 
 12 br0              ether              off         unmanaged 
 14 ve-ipa           ether              routable    configured

[poettering]

Please provide the "networkctl status host0" output from the container, and the "networkctl status ve-ipa" output from the host... (under the assumption that this is the connection to the container, i.e. the other side of host0)?

[npmccallum]

Container:

# networkctl status host0
● 2: host0
       Link File: n/a
    Network File: /usr/lib/systemd/network/80-container-host0.network
            Type: ether
           State: degraded (configuring)
      HW Address: 16:99:3a:ae:15:60
             MTU: 1500
         Address: 169.254.36.149
                  fe80::1499:3aff:feae:1560

Host:

$ networkctl status ve-ipa
● 5: ve-ipa
       Link File: /usr/lib/systemd/network/99-default.link
    Network File: /usr/lib/systemd/network/80-container-ve.network
            Type: ether
           State: routable (configured)
          Driver: veth
      HW Address: 96:c3:af:31:6c:e2
             MTU: 1500
         Address: 10.0.0.1
                  169.254.136.220
                  fe80::94c3:afff:fe31:6ce2

[npmccallum]

Also, selinux is in permissive mode.

[npmccallum]

@poettering The needs-reporter-feedback tag can be removed. :)

[poettering]

hmm, i have no idea what might be causing this. maybe some firewall of some kind? the configuration of the ifaces looks correct really.

the only other suggestion i have is to use tcpdump/wireshark to check what's going on on the wire...

[npmccallum]

This appears to be a bug with Fedora's default policy in firewalld. Once I disabled firewalld and flushed the iptables policy, everything worked. I'll file a bug upstream.

[poettering]

Ah, thanks for tracking this down!