Bug 1161831
Summary: | screenshot after qemu-attach crashes libvirtd | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Luyao Huang <lhuang> |
Component: | libvirt | Assignee: | Ján Tomko <jtomko> |
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 7.1 | CC: | dyuan, mzhan, rbalakri |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | libvirt-1.2.13-1.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-19 05:55:34 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Luyao Huang
2014-11-08 09:36:33 UTC
v1 of the fix by Luyao Huang: https://www.redhat.com/archives/libvir-list/2014-December/msg00009.html The first patch has been pushed as: commit f8c1fb3d2e38f181912544e956af068acde0e900 Author: Luyao Huang <lhuang> AuthorDate: 2014-12-01 17:54:35 +0800 Commit: Martin Kletzander <mkletzan> CommitDate: 2014-12-01 12:04:38 +0100 qemu: Make pid available for security managers in qemuProcessAttach There are some small issue in qemuProcessAttach: 1.Fix virSecurityManagerGetProcessLabel always get pid = 0, move 'vm->pid = pid' before call virSecurityManagerGetProcessLabel. 2.Use virSecurityManagerGenLabel to get image label. 3.Fix always set selinux label for other security driver label. Signed-off-by: Luyao Huang <lhuang> git describe: v1.2.10-221-gf8c1fb3 v2 of the second patch from the series on the list: https://www.redhat.com/archives/libvir-list/2014-December/msg00207.html Fixed upstream by: commit c7c96647e903f50273977d1514d3a2a8f713b6e7 Author: Luyao Huang <lhuang> AuthorDate: 2014-12-09 16:33:57 +0800 Commit: Ján Tomko <jtomko> CommitDate: 2014-12-11 10:29:43 +0100 dac: Add a new func to get DAC label of a running process When using qemuProcessAttach to attach a qemu process, the DAC label is not filled correctly. Introduce a new function to get the uid:gid from the system and fill the label. This fixes the daemon crash when 'virsh screenshot' is called: https://bugzilla.redhat.com/show_bug.cgi?id=1161831 It also fixes qemu-attach after the prerequisite of this patch (commit f8c1fb3) was pushed out of order. Signed-off-by: Luyao Huang <lhuang> Signed-off-by: Ján Tomko <jtomko> git describe: v1.2.11-rc2-1-gc7c9664 I can produce this bug with build libvirt-1.2.8-6.el7.x86_64 verify it with build libvirt-1.2.14-1.el7.x86_64 verify steps 1. # /usr/libexec/qemu-kvm -hdb /var/lib/libvirt/images/new.img -monitor unix:/tmp/demo,server,nowait -name new -vnc 127.0.0.1:2 2.# ps aux |grep new root 16819 19.9 0.2 589964 19276 pts/4 Sl+ 17:38 0:03 /usr/libexec/qemu-kvm -hdb /var/lib/libvirt/images/new.img -monitor unix:/tmp/demo,server,nowait -name new -vnc 127.0.0.1:2 root 16828 0.0 0.0 112640 960 pts/3 S+ 17:38 0:00 grep --color=auto new 3. # virsh qemu-attach 16819 Domain new attached to pid 16819 4. # virsh list Id Name State ---------------------------------------------------- 44 new running 5. check dac label with dumpxml, dac label can be get correct when using root # virsh dumpxml new ... <seclabel type='static' model='selinux' relabel='yes'> <label>unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023</label> <imagelabel>system_u:object_r:svirt_image_t:s0-s0:c0.c1023</imagelabel> </seclabel> <seclabel type='static' model='dac' relabel='yes'> <label>+0:+0</label> <imagelabel>+0:+0</imagelabel> </seclabel> </domain> ... 6. check libvirtd process, and do screenshot. libvirt does not crash # ps aux |grep libvirtd root 10010 0.0 0.4 1247060 32308 ? Ssl Apr24 1:53 /usr/sbin/libvirtd root 16945 0.0 0.0 112644 960 pts/3 S+ 17:44 0:00 grep --color=auto libvirtd # virsh screenshot new /tmp/new.ppm Screenshot saved to /tmp/new.ppm, with type of image/x-portable-pixmap # ps aux |grep libvirtd root 10010 0.0 0.4 1247508 32764 ? Ssl Apr24 1:53 /usr/sbin/libvirtd root 16958 0.0 0.0 112644 964 pts/3 S+ 17:44 0:00 grep --color=auto libvirtd [root@server 1.2.14-1.el7]# I can produce this with build libvirt-1.2.8-6.el7.x86_64 verify this with build libvirt-1.2.15-2.el7.x86_64 steps: 1. # /usr/libexec/qemu-kvm -hdb /var/lib/libvirt/images/new.img -monitor unix:/tmp/demo,server,nowait -name ef VNC server running on `::1:5900' 2. # ps aux |grep ef root 93 0.0 0.0 0 0 ? S< May21 0:00 [deferwq] root 2431 51.6 0.3 623652 28528 pts/1 Sl+ 16:39 0:05 /usr/libexec/qemu-kvm -hdb /var/lib/libvirt/images/new.img -monitor unix:/tmp/demo,server,nowait -name ef 3. # virsh qemu-attach 2431 Domain ef attached to pid 2431 4. # virsh list Id Name State ---------------------------------------------------- 17 ef running 5.# virsh screenshot ef Screenshot saved to ef-2015-05-22-16:40:48.ppm, with type of image/x-portable-pixmap check libvirtd does not crashed move to verified Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2202.html |