Bug 1138488
Summary: | one of guest will be shut off when restart libvirtd while disable the default security labeling | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Luyao Huang <lhuang> |
Component: | libvirt | Assignee: | Ján Tomko <jtomko> |
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.6 | CC: | dyuan, jtomko, libvirt-maint, mzhan, rbalakri, virt-bugs, vivianzhang, zhwang |
Target Milestone: | rc | Keywords: | Upstream |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | libvirt-0.10.2-48.el6 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | 1138487 | Environment: | |
Last Closed: | 2015-07-22 05:47:06 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1138487 | ||
Bug Blocks: |
Description
Luyao Huang
2014-09-05 01:05:27 UTC
Fixed upstream by: commit a48362cdfeb5c948218a2e4bf7cc9354082fc1b6 Author: Shivaprasad G Bhat <shivaprasadbhat> AuthorDate: 2014-09-04 14:42:32 +0530 Commit: Martin Kletzander <mkletzan> CommitDate: 2014-09-07 17:09:34 +0200 selinux: Avoid label reservations for type = none For security type='none' libvirt according to the docs should not generate seclabel be it for selinux or any model. So, skip the reservation of labels when type is none. Signed-off-by: Shivaprasad G Bhat <sbhat.ibm.com> git describe: v1.2.8-46-ga48362c contains: v1.2.9-rc1~218 I can produce this bug on build libvirt-0.10.2-45.el6.x86_64 Verify it on build libvirt-0.10.2-48.el6.x86_64 qemu-kvm-0.12.1.2-2.445.el6.x86_64 2.6.32-504.el6.x86_64 1. Disable the default security labeling in /etc/libvirt/qemu.conf security_default_confined = 0 #service libvirtd restart 2. prepare two guests with <seclabel type='none' model='selinux'/> 3. start two guests # virsh list Id Name State ---------------------------------------------------- 16 r6 running 17 win running 4. restart libvirtd service # service libvirtd restart Stopping libvirtd daemon: [ OK ] Starting libvirtd daemon: [ OK ] 5. check guests are all running # virsh list Id Name State ---------------------------------------------------- 16 r6 running 17 win running 6. dumpxml again <seclabel type='none' model='selinux'/> 7. two guests after libvirtd restart, still running and works well change this bug to verified Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1252.html |