Bug 614338
Summary: | setting Security Model=None take no effect without any prompt/warning | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | dyuan |
Component: | virt-manager | Assignee: | Cole Robinson <crobinso> |
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | medium | Docs Contact: | |
Priority: | low | | |
Version: | 6.0 | CC: | berrange, dallan, eblake, llim, mliu, weizhan, xen-maint, yoyzhang |
Target Milestone: | rc | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2011-05-19 13:46:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
dyuan
2010-07-14 07:35:41 UTC
This issue has been proposed when we are only considering blocker issues in the current Red Hat Enterprise Linux release. It has been denied for the current Red Hat Enterprise Linux release. ** If you would still like this issue considered for the current release, ask your support representative to file as a blocker on your behalf. Otherwise ask that it be considered for the next Red Hat Enterprise Linux release. **

Pretty sure this is a libvirt limitation, there isn't any way in the XML to specify 'don't use any security model for this guest'. Reassigning to libvirt

Patches have been sent upstream: https://www.redhat.com/archives/libvir-list/2011-January/msg00468.html However they are dependent on changes that have gone in past 0.8.7 which probably shouldn't be backported to 6.1. So since this isn't a customer request, I think it might be best to push this off to 6.2.

NB, we explicitly didn't allow any way to selectively disable security on individual domains in sVirt. One single unconfined guest running on a host can compromise the security protection of all other guests. No guest should be allowed to run unconfined, if SELinux is set to enforcing. While if it is permissive, then there's no benefit to selectively allowing unconfined guests, because all are effectively unconfined.

Okay, since the general premise has been rejected upstream, reassigning back to virt-manager. The UI should make it clear that security can not be disabled.

Arguably libvirt should still raise an explicit error if model=none was requested in XML, instead of silently using model=selinux anyway. Cole's patches to convert from a free-form string to a checked enum would help in that regard.

I'm pretty sure libvirt does raise an error if model='none', in the SecurityVerify step. The way virt-manager was trying to disable security was by just removing the entire <seclabel>, which has never worked.
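The behaviour described in the comments above, as an added example that is not code from virt-manager, libvirt or any commenter: a small checker that reads domain XML and reports whether a guest definition only looks as if security were disabled. The sample XML, guest names, finding labels and the treatment of a <seclabel> without a model attribute are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed domain XML fragments (not from the bug report); guest names are hypothetical.
SAMPLES = {
    "explicit": "<domain type='kvm'><name>guest-a</name>"
                "<seclabel type='dynamic' model='selinux'/></domain>",
    "removed": "<domain type='kvm'><name>guest-b</name></domain>",
    "none": "<domain type='kvm'><name>guest-c</name>"
            "<seclabel type='dynamic' model='none'/></domain>",
}


def classify_seclabel(domain_xml):
    """Return (guest name, finding) for one domain definition."""
    root = ET.fromstring(domain_xml)
    name = root.findtext("name", default="(unnamed)")
    label = root.find("seclabel")  # direct child of <domain>
    if label is None or label.get("model") is None:
        # Per the thread: deleting <seclabel> does not disable confinement,
        # the host's security model is still used for the guest.
        # Treating a <seclabel> without a model the same way is an assumption.
        return name, "host-default"
    if label.get("model") == "none":
        # Per the thread: expected to be refused at the verify step,
        # so this is not a working way to run a guest unconfined either.
        return name, "model-none"
    return name, "explicit:" + label.get("model")


def report(xml_docs):
    """Map each guest name to its finding."""
    return dict(classify_seclabel(doc) for doc in xml_docs)


if __name__ == "__main__":
    for guest, finding in report(SAMPLES.values()).items():
        print(f"{guest}: {finding}")
```
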
Fixed upstream: http://hg.fedorahosted.org/hg/virt-manager/rev/550da554b0ac

This is already fixed in virt-manager-0.8.6-1

Verified this bug PASS with virt-manager-0.8.6-2.el6.noarch Open virt-manager, double click on a guest, select view->Details, could see 'none' selection for security model is removed and only 'selinux' for it.

Verified this bug PASS with virt-manager-0.8.6-3.el6.noarch

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0637.html