Bug 1152661

Summary: External luns may loose the libvirt selinux label if a udev change event is triggered
Product: [Retired] oVirt Reporter: Nir Soffer <nsoffer>
Component: vdsmAssignee: Nir Soffer <nsoffer>
Status: CLOSED CURRENTRELEASE QA Contact: Gil Klein <gklein>
Severity: high Docs Contact:
Priority: high    
Version: 3.5CC: amureini, bazulay, ecohen, gklein, iheim, lsurette, mgoldboi, rbalakri, yeylon
Target Milestone: ---   
Target Release: 3.5.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: storage
Fixed In Version: ovirt-3.5.1_rc1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1157252 (view as bug list) Environment:
Last Closed: 2015-01-21 16:03:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Storage RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1155170, 1157252, 1193195    

Description Nir Soffer 2014-10-14 15:53:34 UTC 
Description of problem:

Before plugging external luns to vms, we setup up a temporary udev rule
for setting device permissions. Using this rule will cause the device to
loose the libvirt selinux label if a device has a change event, and 
running with recent systemd-udevd (e.g. Fedora 19 and later, EL 7).

This is the same issue we had with vdsm images, (bug 1127460) but with
external luns we do not trigger change events, so the issue is unlikely.
However, if it happens, it will cause a vm to pause.

Version-Release number of selected component (if applicable):
vdsm master Oct 10.

How reproducible:
Always

Steps to Reproduce:
1. Start a vm using an external lun for one of the disks
2. Trigger a change event on a device used as external lun
   udevadm trigger --verbose --action change \
      --property-match=DM_NAME=1IET_0006000a

You need to replace 1IET_0006000a with the actual device name, can be
found using multipath -ll.

Actual results:
The device will loose the svirt_image_t:s0:cxxx,cyyy label, and will get the default label fixed_disk_device_t:s0 intead. This will cause the vm to pause.

Expected results:
Libvirt sexlinux label kept and vm keep running.
Comment 1 Sandro Bonazzola 2015-01-15 14:25:56 UTC 
This is an automated message: 
This bug should be fixed in oVirt 3.5.1 RC1, moving to QA
Comment 2 Sandro Bonazzola 2015-01-21 16:03:30 UTC 
oVirt 3.5.1 has been released. If problems still persist, please make note of it in this bug report.